How to make digital signature of documents with blockchain?

Question

I am aiming to create a website that requires user to login, upload documents and sign them using blockchain (single sign or multiple signs) just like signatura or blocksign.

I have seen both of the websites and have a little bit idea how they work. But it's the technical picture that I am not getting.

So as an intermediate python develop, I have some question. Please answer.

1. Overall flow from after uploading a document to my website before downloading if successfully signed by all parties (Technically).

2. How to generate private and public keys and Will I store them alongside user information?

3. How to interact to blockchain api. I already gone through the api but nothing make sense to me.

Answer 1

Phew, you've set yourself a tough goal for someone new at blockchain. Still, it is quite doable. I am going to answer your questions out of order, because that is how the code flows.

How to generate private and public keys and Will I store them alongside user information?

You should not be generating private keys. At the very least, use client-side code to generate them, if necessary. As for storage, you should not be storing them, either. Let the users store them client side, preferably in a dedicated wallet with an API like Metamask.

Unfortunately, your post implies that you mean the Bitcoin blockchain, and I'm not aware of any similar wallets with APIs for Bitcoin... Use the safest available Storage and encryption if you must, but whatever you do, do not send the private keys to the server.

Overall flow from after uploading a document to my website before downloading if successfully signed by all parties (Technically).

OK, Lets follow an example document signing step by step.

1. A uploads document to your website.
2. B signs document w his private key.
3. B uploads signed document to your website.
4. Your website hashes the signed document.
5. Your website broadcasts a transaction with the signed document hash as metadata.

Now lets say A wants to verify that B signed the document.

1. A downloads B's signed copy of the document.
2. A hashes the signed document, and compares it to the hash you provide.
3. A checks the blockchain for the transaction that includes the document hash.

If all three steps succeed, A can now be certain that B signed the document around the time of the transaction being included in a block.

How to interact to blockchain api. I already gone through the api but nothing make sense to me.

The normal blockchain.com API is not suitable for this use case. You do not have a fine enough control over the transaction content, which is needed to embed the document hashes.

I recommend you use a library like python-bitcoinlib or bitcoinlib-js to create the transaction, and use RPC to a node, to interact with the blockchain.

Answer 2

Document storage on Blockchain may impact its performance and hence not always recommended from a scalability perspective. Hence it may be a better idea to store the document in a decentralized - distributed file system like IPFS ( Inter-Planetary File System ) and then pass the reference to a Blockchain platform like Ethereum. In Ethereum you can design and develop a Multi-Signature Wallet with Proof of Authority kind of consensus algorithm and invoke a collection of smart contracts that can help you to author, edit, version, publish, archive and expire the document in a secure and scalable manner. Hope it helps. Let me know if you need any further details on this approach.