Differences

This shows you the differences between two versions of the page.

software:pgp [2022/04/08 00:24]
cyril more fixes
software:pgp [2022/04/24 15:23] (current)
cyril [Trusted Timestamping]
Line 24: Line 24:
 Remarks: Remarks:
   * Providing only a cryptographically secure hash of your data instead of the whole data is sufficient, while ensuring confidentiality of your data.   * Providing only a cryptographically secure hash of your data instead of the whole data is sufficient, while ensuring confidentiality of your data.
-  * If you also want to prove that you were in possession of this document at this time (i.e. that you did not find it with the trusted timestand later), you need to make sure that it is clearly written in the document that you are its author. You can also create an intermediate file containing both your name as well as the file hash. However you still benefit from plausible deniability (someone else cannot prove that you are the author), as anyone could have proceeded to this trusted timestamping with your name in it.+  * If you also want to prove that you were in possession of this document at this time (i.e. that it was not done by someone else, and you found it with the trusted timestamp later), you need to make sure that it is clearly written in the document that you are its author. You can also create an intermediate file containing both your name as well as the file hash. However you still benefit from plausible deniability (someone else cannot prove that you are the author), as anyone could have proceeded to this trusted timestamping with your name in it.
   * If you want a bit stronger proof that you were in possession of this document at this time, and accept non-repudiation (or it is demanded by a third party), you can also include a signature of the document with your PGP key in the intermediate file.   * If you want a bit stronger proof that you were in possession of this document at this time, and accept non-repudiation (or it is demanded by a third party), you can also include a signature of the document with your PGP key in the intermediate file.
     * Note: if you don't want to decide whether signing or not when timestamping, you could create two versions of the intermediate file, with and without signatures, and timestamp both. However it has limited value, as plausible deniability only makes sense if someone else obtains the files and opposes them to you, so the mere existence of non-repudiable signatures opens this risk. Divulgating yourself the deniable files, realizing that you should not have, and ending up denying them, would be very suspicious (except maybe saying that the files were altered by someone else, but you would have to provide the unaltered files, with which you initially got mixed up).     * Note: if you don't want to decide whether signing or not when timestamping, you could create two versions of the intermediate file, with and without signatures, and timestamp both. However it has limited value, as plausible deniability only makes sense if someone else obtains the files and opposes them to you, so the mere existence of non-repudiable signatures opens this risk. Divulgating yourself the deniable files, realizing that you should not have, and ending up denying them, would be very suspicious (except maybe saying that the files were altered by someone else, but you would have to provide the unaltered files, with which you initially got mixed up).
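Review bot: The new parenthetical in the changed bullet, "(i.e. that it was not done by someone else, and you found it with the trusted timestamp later)", is ambiguous about how far the "not" reaches, so it can be read as saying that you did find the document later. Wording such as "i.e. that it was not produced by someone else and merely found by you, already timestamped, later" would remove the ambiguity. The correction of "timestand" to "timestamp" is fine. The same bullet still ends with "anyone could have proceeded to this trusted timestamping with your name in it"; "performed" would read better than "proceeded to", and since that sentence is what justifies the plausible deniability claim, it would help to say directly that the name in the file is an unauthenticated assertion, in contrast to the PGP signature option in the next bullet.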
software/pgp.1649377493.txt.gz · Last modified: 2022/04/08 00:24 by cyril
CC Attribution-Share Alike 4.0 International