Signing and proving emails


Woleet has released an Outlook add-in that lets you create and verify proofs of existence and proofs of signature for emails and attachments.

Using this add-in, you can:

  • Timestamp an email or attachment
  • Verify the timestamps of an email or attachment (whoever timestamped it)
  • Sign an email or attachment using a highly secure Ledger Nano S hardware Bitcoin wallet
  • Verify when and by whom an email or attachment was signed (the number of signatures is not limited)

A proof of existence is a self-contained cryptographic proof (available as a JSON file compliant with the Chainpoint format). This proof links the digital fingerprint of the data to a Bitcoin transaction, which proves that the data existed at the time of the transaction.

A proof of signature is similar: it is proposed by Woleet as an improvement of the Chainpoint format. It links the digital fingerprint of the signature of the data to a Bitcoin transaction. This link proves that the signature (and the signed data) existed at the time of the transaction. Signatures are created using the Bitcoin signature scheme, so signing can be performed using a regular Bitcoin hardware wallet like the Ledger Nano S.

Generated proofs can be verified with no intermediary, not even Woleet (since the Bitcoin blockchain is a public ledger). Various open source tools exist, such as btcproof.info and Woleet ProofDesk.

Creating a proof of existence or signature for an email or attachment neither modifies nor leaks the content of the email or attachment. The digital fingerprint is computed client side by the browser, and the original content cannot be recovered from it, because digital fingerprinting is a one-way function.

How do I prove or sign my emails?

First, create your account on the Woleet platform.

Then, activate the Woleet add-in in Outlook: click on the « Settings » icon, choose « Manage add-ins », search for the « Woleet » add-in and switch it on.

If the add-in is not available on the store, you can also install it manually:

Click on the « Settings » icon, choose « Manage add-ins » -> « Click-here to add a custom add-in » -> « Add from URL » and paste this URL: https://msoffice-plugin.woleet.io:8440/manifest-officeblock.xml

Once the Woleet add-in is activated, a new Woleet icon shows up on your emails. Clicking on the icon opens a sidebar allowing you to:

  • « Timestamp » the email or its attachments (meaning to ask for the creation of a timestamped proof of existence of the email)
  • « Sign » the email or its attachments (meaning to ask for the creation of a timestamped proof of signature of the email). NB: signing is only supported on Chrome and Opera.
  • « Verify » the email or its attachments (when this email was timestamped or when and by whom it was signed).

Example of a signed and timestamped email.

To timestamp or sign an email, you need to connect Woleet’s add-in to your Woleet account by signing in. Note that timestamp or signature creation is not immediate: it can take up to 24h for the timestamp to be created and verifiable.

Note that the add-in doesn’t need to be connected to your Woleet account to verify a timestamp or signature. This allows emails to be freely verified even by people with no Woleet account.

Can I verify an email or attachment outside Outlook?

Yes!

By selecting « Extract » -> « Extract mail » or « Extract attachments » you can download the raw data. You can then check that this raw data is what was actually timestamped or signed (i.e. the digital fingerprint recorded in the proof is computed from this raw data).

In the case of emails, the raw file is a readable JSON file containing all the data required to identify the email uniquely: body, subject, date, from, to, message identifier, etc. In the case of attachments, the raw data is the attached file.

You can drop these files, along with their associated proof receipts (which you can download from your Woleet account, provided you created them), into any Chainpoint-compatible proof verifier to check their timestamp or signature.
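What such a verifier checks offline, shown as an added example (not Woleet's code): it recomputes the fingerprint of the extracted file, follows the Merkle path in the receipt, and returns the Bitcoin transaction to look up. It assumes a Chainpoint 2.0 receipt layout (`type`, `targetHash`, `proof`, `merkleRoot`, `anchors`) with hashes concatenated as raw bytes; the email content, sibling hashes and transaction id are constructed placeholders.

```python
import hashlib
import json

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def verify_receipt(raw: bytes, receipt: dict) -> str:
    """Check raw bytes against a receipt; return the Bitcoin tx id to look up.

    Assumed layout: Chainpoint 2.0 (targetHash, proof, merkleRoot, anchors).
    Raises ValueError when the data or the Merkle path does not match.
    """
    if receipt.get("type") != "ChainpointSHA256v2":
        raise ValueError("unsupported receipt type")
    node = sha256(raw)  # the one-way digital fingerprint of the data
    if node.hex() != receipt["targetHash"].lower():
        raise ValueError("data fingerprint differs from targetHash")
    for step in receipt["proof"]:  # each step holds one sibling hash
        if list(step) == ["left"]:
            node = sha256(bytes.fromhex(step["left"]) + node)
        elif list(step) == ["right"]:
            node = sha256(node + bytes.fromhex(step["right"]))
        else:
            raise ValueError("malformed proof step")
    if node.hex() != receipt["merkleRoot"].lower():
        raise ValueError("Merkle path does not reach merkleRoot")
    txids = [a["sourceId"] for a in receipt["anchors"]
             if a.get("type") == "BTCOpReturn"]
    if not txids:
        raise ValueError("no Bitcoin anchor in receipt")
    return txids[0]

# Constructed sample: bytes standing in for an extracted email file, plus two
# constructed sibling leaves so the receipt has a two-step Merkle path.
EMAIL = json.dumps({"subject": "Q3 contract", "from": "alice@example.com",
                    "to": "bob@example.com", "body": "Signed copy attached."},
                   sort_keys=True).encode()
LEAF, SIB1, SIB2 = sha256(EMAIL), sha256(b"leaf 1"), sha256(b"leaf 2")
RECEIPT = {
    "type": "ChainpointSHA256v2",
    "targetHash": LEAF.hex(),
    "proof": [{"right": SIB1.hex()}, {"left": SIB2.hex()}],
    "merkleRoot": sha256(SIB2 + sha256(LEAF + SIB1)).hex(),
    "anchors": [{"type": "BTCOpReturn", "sourceId": "PLACEHOLDER_TXID"}],
}

if __name__ == "__main__":
    print("look up transaction:", verify_receipt(EMAIL, RECEIPT))
```

The remaining step, confirming on the Bitcoin blockchain that the returned transaction carries `merkleRoot` and reading its block time, needs a node or block explorer and is not shown. The fingerprint covers the exact bytes of the extracted file, so the file must be hashed as downloaded, without re-serializing the JSON.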

Limitations

Signing emails and attachments requires a Ledger Nano S. These devices are currently only supported by the Chrome and Opera browsers. On other browsers like Edge, Firefox and Safari, timestamping emails and attachments and verifying their timestamps or signatures is available, but signing is not offered.

Coming soon: signing emails and attachments will be possible using the Woleet.ID mobile application.

Currently, an email that is forwarded by Outlook can no longer be verified by the receiver: this is because Outlook inlines it in the body of a new email, instead of attaching it. To work around this limitation, you can extract the mail as a file, and attach the file to a new email. Then, the email will be verifiable the same way attachments are.