h a l f b a k e r y
Why did I think of that?
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
or get an account
Every time you print a letter the only way to authenticate yourself is
to add a manual signature to the paper with your expensive bic pen.
When the person who signs a lot of papers every day, usually came
out with a printed signature scanned in advance or worst solution.
A better solution will
be producing a summary of the content (aka
checksum) plus a timestamp and digitally sign with your private key
(see Public-key cryptography). The result code will be printed in the
paper document with QR code barcodes (from wikipedia: A QR
Code is a matrix code (or two-dimensional bar code) created by
Japanese corporation Denso-Wave in 1994. The QR is derived from
Quick Response, as the creator intended the code to allow its
contents to be decoded at high speed.). When receiver want to
check the integrity of the content of the letter and the source, it will
use his phone whit a typical QR code reader and check with the
source public key if the checksum is correct.
All this technical details can be hidden from user view integrating qr
code generator in a web editor like google docs and handle a server
for private-public key.
someone mentioned this on twitter this morning - is this what you want?
[po, Nov 12 2009]
||mebbe embed the checksum in the wording, somehow.
||Po, the service you link to typesets or scans words and sends them back to you as an image. It doesn't prove that you wrote something - in fact that makes it easier for someone else to give the impression that you "signed" something you really didn't.
||So, in a way, that link is the opposite of the idea. Not to mention fugly.
||Let me firmly re-iterate: The authenticity of a document is only as good as the ability to verify it's source. A fax is a higher quality of source because, generally speaking, it comes from an easily traced phone connection. An encryption signature/anti-tampering index works only if we have a pub/priv key system already set up, otherwise it is meaningless.
||Yeah, you'll need an infrastructure of trust in which to trade keys. This has its own issues as a paper document may outlast its issuing key. That is, a document may fail authentication because it was printed 5 years before its owner lost his private key and was added to a revocation list. The document is still valid, but may not be provably so.
||Plus, just because I believe you created a document doesn't mean I believe what you've written in it. More to the point, many documents I sign are not, in fact, created by me (driver's license, checks, receipts, contracts, etc).
||Is there a scenario where there's a legitimate need for something like this? Maybe a will or living will. What happens when a document spans many pages? Is there a barcode on each page?
||I seen no application for this, but so i did with Twitter... [+]