Skip to main content

Blockchain-backed timestamp proof for structured document sections

Project description

PyPI Python package build status

stramp

Timestamp a structured text document such that the content of any section or subsection can later be proved to have existed at (approximately) the time the document was stamped.

STRuctured text stAMP → STRAMP

This tool uses decentralized trusted timestamping technology that is backed by the Bitcoin blockchain. The protocol used is OpenTimestamps. Servers supporting this protocol are public and free to use.

The advantage of Stramp over using another OpenTimestamps client directly is that you can prove one or more chosen sections of your document selectively without revealing the content of the entire document. This is useful if you collect notes for a project in a large file where some sections may have information you don't want to reveal and other sections have text for which you might want timestamp proof at some later time.

It is intended for this command to be run periodically in the background with a service such as cron. I'd recommend setting it up to run once or twice a day.

Applications

This tool has the same applications as digital trusted timestamping in general, but the convenience and zero cost make it much more practical. Set it up to run in the background on your note files, and with practically no further effort you'll get the benefit in case you ever need it:

  • Patent documentation - This can't be directly used to win a patent since everyone has switched to first-to-file. However, it may still be useful for defensive publication to prevent someone else from patenting an idea you came up with.

  • Trade secrets - Prove that you had the idea of doing something a certain way.

  • Simple bragging rights - Write your idea or prediction in your notes so you can later prove you had it at a specific date.

Installation

Stramp requires Python 3.6 or newer. In addition to the Python library dependencies (automatically installed, assuming you use pip), you will also need the ots command from opentimestamps-client:

pip install opentimestamps-client

If Stramp is available from PyPI, you can install it with:

pip install stramp

Other options are to install it from the GitHub repository directly:

pip install -U "git+https://github.com/wonkyweirdy/stramp#egg=stramp"

or to install from a cloned git repository:

git clone https://github.com/wonkyweirdy/stramp.git
pip install ./stramp

How it works

  1. Each document files is copied to create an archive copy. The archive copy is stored in the directory ~/.stramp/data named based on the hash of the file.

  2. The text of each document, individual sections, and recursive subsections, is hashed using a secure hash algorithm to produce hexadecimal hash strings. These hash strings are collected into a JSON file along with the associated file paths and some other metadata. The JSON file goes in the ~/.stramp/new directory.

  3. The generated JSON hash file is then timestamped using the ots stamp command. Once stamped, the JSON hash file and its associated *.ots file are moved into the ~/.stramp/stamped directory. At this point, the stamp data will have been submitted to the public calendar servers. It will take time for the timestamp to be processed on the servers.

  4. The stamp file (*.ots) is upgraded using ots upgrade. Once upgraded, the JSON hash file and its associated *.ots file are moved into the ~/.stramp/complete directory. The upgraded stamp will contain all the information needed to trace the timestamp back to the specific transaction and block in the Bitcoin blockchain. Note that for a hash file stamped on the current run, the upgrade will happen on a subsequent run. It can take a few hours before the path is confirmed into a Bitcoin block. There is a built-in age limit that will prevent new (less than eight hours old) stamps from being upgraded; this is to help ensure that all the servers had enough time to process the stamp completely.

The new and stamped directories are used as queues. If the ots stamp or ots upgade command fails for a hash file on one run, it will be retried on a later run.

Configuration

The configuration file is expected to be at ~/.stramp/config.json.

Example content:

{
    "ots_command_path": "/usr/local/bin/ots",
    "documents": [
        {
          "path": "/home/joe/Documents/personal-notes.org",
          "format": "org"
        },
        {
          "path": "/home/joe/Documents/project1/project1.md",
          "format": "commonmark"
        }
    ]
}

The ots_command_path specification is optional. It defaults to just "ots", expecting that command to be found in the command search path.

Usage

Stramp will normally be called as:

stramp -x

The -x option implies -p, so the result of the above command would be to hash all the documents in the configured list and then do any processing (see the How it works section above).

Command help is available with stramp --help:

Usage: stramp [OPTIONS] [FILES]...

Options:
  -x, --hash       Hash the files listed in the configuration
  -p, --process    Stamp or upgrade any hash files that need processing
  -c, --hash-only  Just write generated hash file JSON to standard output
  -v, --verbose    Print more information
  -V, --version    Print the application version
  --help           Show this message and exit.

Stamp verification

Stramp does not implement anything to help with verification. The easiest way to check a stamp is to drop it onto the opentimestamps.org web page. If you want to check it locally, it is more involved since you need to run (or have access to) a server running Bitcoin Core.

Document formats

Org-mode

Org-mode format as UTF-8 is supported since this is what I use for my notes. The Org-mode support may not even be complete since have only implemented it to support the Org features I use.

Markdown

Markdown is supported. The specific variant of Markdown supported is CommonMark. Other variants may work as long as the headings can still be correctly interpreted using the rules of CommonMark.

Markdown support depends on Marko. Either install Marko separately or specify commonmark extra when installing with pip:

pip install "stramp[commonmark]"

Future formats

I would consider adding support for other lightweight markup languages:

Maybe other structured document formats:

  • HTML
  • ENEX (Evernote)

Security

I am aware that the content of a section could be deduced from only a hash in a hash file if that text is short or predictable. For example, this would be a problematic in an Org-mode text file:

* Passwords:
** letmein
** YouCantGuessThis

I'm ignoring this for now in the interest of keeping things simple.

Legal

My opinion is that this tool should in principal allow creating indisputable proof that the text of a section of a document existed at a specific point of time. The proof will continue to be indisputable for as long as the cryptography involved can be trusted. However, we don't know for sure there isn't someone in a secret lab somewhere able to trivially forge an SHA-2 hash.

I can't promise this tool is appropriate for any certain use case. Users need to evaluate this for themselves. Quoth the LICENSE file:

The software is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and non-infringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software.

Similar and related projects

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

stramp-0.3.2.tar.gz (21.6 kB view details)

Uploaded Source

Built Distribution

stramp-0.3.2-py3-none-any.whl (13.9 kB view details)

Uploaded Python 3

File details

Details for the file stramp-0.3.2.tar.gz.

File metadata

  • Download URL: stramp-0.3.2.tar.gz
  • Upload date:
  • Size: 21.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/47.1.1 requests-toolbelt/0.9.1 tqdm/4.46.1 CPython/3.8.3

File hashes

Hashes for stramp-0.3.2.tar.gz
Algorithm Hash digest
SHA256 a6c541045610a982e92de425c64593cf43170396743dbf192a166f38bc3684e3
MD5 b92dc334518a5e27483aea3dad7ea1d6
BLAKE2b-256 f2b9e5203ad8a2a8c55d8bf2e3f1b655b8a50a59686eb6ccb5a49c8029df579b

See more details on using hashes here.

File details

Details for the file stramp-0.3.2-py3-none-any.whl.

File metadata

  • Download URL: stramp-0.3.2-py3-none-any.whl
  • Upload date:
  • Size: 13.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/47.1.1 requests-toolbelt/0.9.1 tqdm/4.46.1 CPython/3.8.3

File hashes

Hashes for stramp-0.3.2-py3-none-any.whl
Algorithm Hash digest
SHA256 94384d30069b59ecca36170ca28c3f2bdfe298b02d1404c86af3228fc8dbbb49
MD5 2c7ccc1a5941284cb39b0b6765bf1077
BLAKE2b-256 5dd4bde4fd2354b651859cadad7f835924b03a2c2b1b3270a90bd9767f62ab3e

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page