request for comments on "electronic notebook"

Ivo Alxneit ivo.alxneit@psi.ch
Thu Aug 7 20:23:02 2003



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

could you please comment on whether the following scheme implementing
an 'electronic notebook' based on free software holds.

i define an 'electronic notebook' as a journal, from which you later
can verify that you had an idea or that you did a measurement during
a certain time period. thus later manipulations on the journal or on
the measured data should be detectable. it should not, however,
protect the data (against deletion/manipulation,...) nor should it
prevent prying eyes from accessing it. also note that i am not
concerned whether the journal would suffice as legal evidence in
court as this may be different from country to country.

the journal is a flat text file with the following structure:

   .
   .
   ## date, begin item n-1
   text line 1
   text line 2
       .
       .
   text line n-1
   text line n
   ## date, end item n-1
   ## stamp n-1
   ## date, begin item n
   text line 1
   text line 2
       .
       .
   text line n-1
   text line n
   ## date, end item n
   ## stamp n
   ## date, begin item n+1
   text line 1
   text line 2
       .
       .
   text line n-1
   text line n
   ## date, end item n+1
   ## stamp n+1
       .
       .
text lines starting with ##DATAFILE foo have a sha1 hash sum of the
file foo added to them. this will be done before an entry is closed
by setting the end marker and generating the detached signature (see
later).

each entry in the journal has a start marker (including date and time
when the marker was issued) and an end marker (again with date and
time). a stamp is added to each entry after its end marker. stamp n
is formed as follows:

a detached signature of entry n including stamp n-1 is created (after
the end marker has been set and the hash sum has been added to files
marked by ##DATAFILE) (gpg --detach-sign --armor) with the key of the
journal's owner (or anybody else having access to the journal). the
first item does not include a previously issued stamp of course. the
detached signature is then emailed to clear@stamper.itconsult.co.uk
where it is clearsigned and returned to the sender. the clearsigned
message contains the original detached signature and a time stamp
stating when the message was signed.

this stamp is then added to the end of the journal.

later any entry in the journal can be verified like this:

 - stamp n is extracted from the journal and its signature verified

 - the signature of entry n (stamp n-1 up to end marker item n) is
   extracted from stamp n and verified

 - any file marked by a ##DATAFILE line is verified by calculating its
   hash sum and comparing it to the one stored in the journal

only an unaltered entry in the journal will pass the first two
verification steps. verification step three is used to detect
modifications on files marked by ##DATAFILE keywords. the time/date
given in an entry's start and end marker specify the time period
during which the entry was made. as they are covered by the cleartext
signature they cannot be altered later. to verify that an entry was
indeed made during the time period claimed, the verifier should check
that the time/date stated in the corresponding stamp is reasonably
close to the time/date of the end marker. it is, however, up to him to
decide what "reasonably close" means (minutes/hours/...). to decide
whether to trust the stamp issued by stamper.itconsult.co.uk please
consult their web page (http://www.itconsult.co.uk/stamper.htm).

it becomes impossible to insert a new item in the middle of the file
because the detached signature of item n includes the stamp of item
n-1. however, if somebody deletes everything from the end marker n
(including it), the person could then change item n, and then
generate a new end marker and stamp. i believe that this scenario is
unimportant as the new stamp n would bear the date of when it was
issued. thus a falsified priority claim could hardly be manufactured
like this. also on accounts where regular (daily) backups are made
such a modification would be noted.

the 'electronic logbook' can be shared among different users as it is
unimportant whether all detached signatures to be signed by
clear@stamper.itconsult.co.uk are issued by the same key.

so all you need for this 'electronic notebook' is:

- a text editor
- gnupg (/ pgp)
- a secret key
- stamper's public key
- access to email

for those wanting to play around with the idea i have attached some
bash/perl scripts that automate the basic tasks (yes i know they look
awful). ideas how to automate sending the detached signature and
retrieving the stamp are welcome. simply piping it into mail does not
work as i cannot receive email on my working computer and i do not
seem to be able to specify a modified from address.

--
Dr. Ivo Alxneit
Laboratory for Solar Technology   phone: +41 56 310 4092
CH-5232 Villigen                    fax: +41 56 310 2624
Paul Scherrer Institute          http://solar.web.psi.ch
Switzerland                        gnupg key: 0x515E30C7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/Mp5OAd7CE1FeMMcRAj1NAJ4qi1snwjKWnWof6zTVAf24MUQGOwCgigpg
wSe6RISXko4vaSlivm1f+XA=
=sWnz
-----END PGP SIGNATURE-----

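The scheme described in the post (stamp n-1 included in the signed span of entry n, hash sums added to ##DATAFILE lines, and the three verification steps plus the "reasonably close" timing check) as an added, self-contained example. This is not the author's attached bash/perl script nor code from stamper.itconsult.co.uk: the owner's `gpg --detach-sign` output and the stamper's clearsign are replaced by HMAC-SHA256 tags under constructed keys so the chain logic runs offline, the data files are constructed in-memory byte strings, the line layout (`## stamp n TIME SIG STAMPSIG`, `##DATAFILE name sha1=...`) is an assumed concrete encoding of the post's markers, and the function names are the example's own.

```python
import hashlib
import hmac
import re
from datetime import datetime, timedelta

# Assumption: in the post's scheme the owner's detached signature comes from
# `gpg --detach-sign --armor` and the stamp from clear@stamper.itconsult.co.uk.
# Both are modelled here as HMAC-SHA256 tags under constructed keys so the
# chaining and verification logic can run offline.
OWNER_KEY = b"constructed-owner-key"
STAMPER_KEY = b"constructed-stamper-key"

# Constructed in-memory stand-ins for the files that ##DATAFILE lines reference.
FILES = {"run1.dat": b"1.0 2.0 3.0\n", "run2.dat": b"4.0 5.0\n"}

DATE_FMT = "%Y-%m-%dT%H:%M"
STAMP_RE = re.compile(r"^## stamp (\d+) (\S+) (\S+) (\S+)$")
END_RE = re.compile(r"^## (\S+), end item (\d+)$")
DATAFILE_RE = re.compile(r"^##DATAFILE (\S+) sha1=([0-9a-f]{40})$")


def tag(key: bytes, data: bytes) -> str:
    """Stand-in for a detached / clearsign signature (see assumption above)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def add_entry(journal, n, text_lines, begin, end, stamp_time, files=FILES):
    """Append item n to `journal` (a list of lines) and return the journal.

    The signed span runs from stamp n-1 (if any) through item n's end
    marker, so nothing can be inserted between two stamped items later.
    """
    start = len(journal) - 1 if journal else 0      # index of stamp n-1
    journal.append(f"## {begin}, begin item {n}")
    for line in text_lines:
        if line.startswith("##DATAFILE "):
            name = line.split()[1]                  # add the file's hash sum
            line = f"##DATAFILE {name} sha1={sha1_hex(files[name])}"
        journal.append(line)
    journal.append(f"## {end}, end item {n}")
    detached = tag(OWNER_KEY, "\n".join(journal[start:]).encode())
    # The stamper signs the detached signature together with its own time.
    stamp_sig = tag(STAMPER_KEY, f"{detached} {stamp_time}".encode())
    journal.append(f"## stamp {n} {stamp_time} {detached} {stamp_sig}")
    return journal


def verify_journal(journal, files=FILES, max_delay_minutes=60):
    """Run the three verification steps plus the timing check on every item.

    Returns {item_number: [problems]}; an empty list means the item passed.
    """
    report, start = {}, 0
    for i, line in enumerate(journal):
        m = STAMP_RE.match(line)
        if not m:
            continue
        n, stamp_time, detached, stamp_sig = m.groups()
        entry, problems = journal[start:i], []
        # Step 1: the stamp's own signature.
        if not hmac.compare_digest(
                tag(STAMPER_KEY, f"{detached} {stamp_time}".encode()), stamp_sig):
            problems.append("stamp signature invalid")
        # Step 2: the owner's signature over stamp n-1 .. end marker n.
        if not hmac.compare_digest(tag(OWNER_KEY, "\n".join(entry).encode()), detached):
            problems.append("entry signature invalid")
        # Step 3: recompute the hash sum of every ##DATAFILE.
        for e in entry:
            d = DATAFILE_RE.match(e)
            if d and (d.group(1) not in files
                      or sha1_hex(files[d.group(1)]) != d.group(2)):
                problems.append(f"datafile {d.group(1)} modified or missing")
        # The stamp must be reasonably close to (and not before) the end marker.
        end = END_RE.match(entry[-1]) if entry else None
        if end is None:
            problems.append("end marker missing")
        else:
            delay = (datetime.strptime(stamp_time, DATE_FMT)
                     - datetime.strptime(end.group(1), DATE_FMT))
            if not timedelta(0) <= delay <= timedelta(minutes=max_delay_minutes):
                problems.append(f"stamp delay {delay} outside tolerance")
        report[int(n)] = problems
        start = i                                   # item n+1 starts at stamp n
    return report


def demo_journal():
    """Build a constructed two-item journal."""
    j = []
    add_entry(j, 1, ["idea: chain the stamps", "##DATAFILE run1.dat"],
              "2003-08-07T09:00", "2003-08-07T09:30", "2003-08-07T09:41")
    add_entry(j, 2, ["measurement, run 2", "##DATAFILE run2.dat"],
              "2003-08-07T14:00", "2003-08-07T14:20", "2003-08-07T14:25")
    return j


if __name__ == "__main__":
    j = demo_journal()
    print("\n".join(j))
    print(verify_journal(j))                        # {1: [], 2: []}
```

Editing a text line of item 1 makes only item 1 fail step two (stamp 1 itself is untouched, so item 2 still chains to it), altering run2.dat is caught by step three, and tightening the tolerance flags item 1's eleven-minute gap between end marker and stamp, which is the judgement call the post leaves to the verifier.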