- The review process before signing the document
- Parameters detailed to send a signature request
- Before sending a signature request, the parameters used
- Public key or fingerprint lookup by email address
- The encrypted version of the contract displayed to the recipient
- The signature request sent from the command line app
- The encrypted version decrypted with GPG; the user can now review the paper
Inspiration
The idea comes from hardware wallets. If we can sign Bitcoin transactions with our own keys, why not adapt the same approach to contracts or any other application of digital signatures, and use the same keys to exchange documents privately?
What it does
From the command line, a user is asked for their public and private keys to encrypt and sign a document. The app uploads an encrypted version of the document to IPFS to share it with the recipient of a signature request. The signature request is sent through the HelloSign API, which does the heavy lifting of handling communication with the recipient. OpenPGP does the rest, ensuring that a document was sent by someone identifiable by their keys (provided the public key is shared through a server like keys.openpgp.org). The document is encrypted and signed, so the privacy of both parties is preserved while using the API.
How we built it
It uses the HelloSign API and OpenPGP. The API is used to send a signature request. PGP is used to encrypt and sign a document. Node.js is used to interact with the HelloSign API (we use the JavaScript SDK), and the interaction is done through a command line application.
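The sign-then-encrypt flow described under "What it does", as an added example that is not the project's code: it uses Node's built-in crypto (Ed25519 signatures, AES-256-GCM with an RSA-OAEP-wrapped key) as a stand-in for OpenPGP, so it runs without extra packages. The function names, envelope layout and keys are assumptions constructed for the illustration.

```javascript
const crypto = require('node:crypto');

// Constructed key material: Ed25519 to sign, RSA to wrap the document key.
function makeParty() {
  return {
    sign: crypto.generateKeyPairSync('ed25519'),
    enc: crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }),
  };
}

// Sender: sign the document, then encrypt signature + document to the recipient.
function sealDocument(doc, senderSignPriv, recipientEncPub) {
  const signature = crypto.sign(null, doc, senderSignPriv); // 64 bytes for Ed25519
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(signature), cipher.update(doc), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: recipientEncPub, oaepHash: 'sha256' }, key),
    iv,
    ciphertext, // the only form of the document an intermediary would store
    tag: cipher.getAuthTag(),
  };
}

// Recipient: unwrap the key, decrypt, then check the signature against the
// sender's public signing key before trusting the document.
function openDocument(env, recipientEncPriv, senderSignPub) {
  const key = crypto.privateDecrypt({ key: recipientEncPriv, oaepHash: 'sha256' }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAuthTag(env.tag);
  const plain = Buffer.concat([decipher.update(env.ciphertext), decipher.final()]); // throws if modified
  const signature = plain.subarray(0, 64);
  const doc = plain.subarray(64);
  if (!crypto.verify(null, doc, senderSignPub, signature)) {
    throw new Error('signature does not verify under the expected sender key');
  }
  return doc;
}

// Constructed sample run.
const sender = makeParty();
const recipient = makeParty();
const env = sealDocument(Buffer.from('Constructed contract text'), sender.sign.privateKey, recipient.enc.publicKey);
console.log(openDocument(env, recipient.enc.privateKey, sender.sign.publicKey).toString());
```

The recipient rejects the envelope both when the ciphertext has been altered in storage and when the signature was made by a key other than the one they looked up for the sender.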
Challenges we ran into
The HelloSign API felt very closed, with very narrow specs. So while using the API, it was hard at first to use anything other than what was provided, and hence it was hard to be creative. Nonetheless, we solved the problems we ran into by trying to circumvent the limitations of the HelloSign API.
Accomplishments that we're proud of
I have been able to provide a way to request a signature in a way which preserves the privacy of the users. The command line application in the end knows nothing of what its users do. It just shares documents through IPFS, encrypts them, signs them, and boom, the recipient of the signature request can verify and decrypt the document without relying too much on intermediaries.
What we learned
I learned more about the ins and outs of digital signatures, and of hardware providing PKI (e.g., YubiKey). So this hackathon has been a great means for me to improve my knowledge about signatures, verification and PGP.
What's next for Encrypted Signer App
The next step for the app would be to create an Electron app so that non-developers can use it. We would also have to add support for multiple users, allow multiple users to give their signatures, and do multisig by default if requested. Ideally the HelloSign API would also provide a friendlier way to let a user copy the encrypted text to the clipboard. From the review step, the user would then click the review button directly to get access to the encrypted document instead of a picture. This would optimize the user experience. Lastly, handling air-gapped devices more proactively would be best for the use cases envisioned.
Built With
- node.js
- openpgp
- typescript