Comments (17)
Our Proof Check online tool is nearly ready for public beta: https://proofcheck.gpfs.link/ and you can just direct people to use it. There is also a simple bash script version: https://gitlab.com/guardianproject/proofmode/proofmode-android/-/blob/master/docs/verify.sh
We may need to do some debugging to make sure the version of the proof bundle Signal-ProofMode is generating matches what we expect (since there isn't any opentimestamps, google safetynet notarization etc)
If you are talking about doing it "in app", then some form of the 3LV - Integrity, Consistency, Synchrony - should be used.
- Verify the PGP signatures. We can build an easy method for that into libProofMode
- Verify that the output of the MobileCoin notarization can be matched with an on-chain record
- Display to the user a summary of the where/when details in the proof so they can see if the visuals match their expectation "This was captured in the Signal camera on January 2, 2023 at 2:22pm in London, UK"
This is a good start!
from signal-x-proofmode.
Our Proof Check online tool is nearly ready for public beta: https://proofcheck.gpfs.link/ and you can just direct people to use it.
Sadly, both Max and I get an "unknown error" upon trying to upload a ZIP. Unless there's been a release in the last couple of days, we're stuck :)
Just taking the 3LV method the other way round:
- Display to the user a summary of the where/when details in the proof so they can see if the visuals match their expectation "This was captured in the Signal camera on January 2, 2023 at 2:22pm in London, UK"
I invite you to check out "Verifying Proofs" on Mural or Issue #34 for an update on the custom reception UI we're building for this. Very excited about it!
- Verify that the output of the MobileCoin notarization can be matched with an on-chain record
This got paused for now, so we won't be able to carry out this check in an MVP version.
- Verify the PGP signatures. We can build an easy method for that into libProofMode.
That sounds like something we really want to do. When do you think this can be done, and what would the ProofMode API call look like?
@maxSafronovForte, take note of this for your information :)
from signal-x-proofmode.
Our Proof Check online tool is nearly ready for public beta: https://proofcheck.gpfs.link/ and you can just direct people to use it.
Sadly, both Max and I get an "unknown error" upon trying to upload a ZIP. Unless there's been a release in the last couple of days, we're stuck :)
I think the tool is expecting out standard Proof bundle format, and needs to be more flexible in working with what is there. Otherwise, I think the main issue is like the public key not being integrated into the proof zip.
- Verify the PGP signatures. We can build an easy method for that into libProofMode.
That sounds like something we really want to do. When do you think this can be done, and what would the ProofMode API call look like? @maxSafronovForte, take note of this for your information :)
Working on it today. We have the code already elsewhere, just need to expose the call in the API.
from signal-x-proofmode.
android-libproofmode library has been updated to 1.0.23 and includes a new helper method verifyProofZip which you can see use of in our test class here: https://gitlab.com/guardianproject/proofmode/proofmode-android/-/blob/master/android-libproofmode/src/androidTest/java/ProofmodeGenerationTests.java#L109
We’ll work on a better sample and documentation tomorrow, but in short, you provide it the hash of the media file, and inputstream to the media file bytes and an inputstream to the zip file bytes.
1:03
Inside, it will use the hash to match signatures in the proof zip, and verify all the signatures.
1:03
this is the “Integrity” check of our 3LV process, so just one piece, and ultimately we may rename this method integrityCheck but for now it is fine to use!
1:04
In order to get the hash from the media file byes, you can see this line in the test class: https://gitlab.com/guardianproject/proofmode/proofmode-android/-/blob/master/android-libproofmode/src/androidTest/java/ProofmodeGenerationTests.java#L99
from signal-x-proofmode.
We are also updating our web-based proofcheck tool to be more tolerant of bundles that do not contain OpenTimestamps or Google Safetynet notarization files.
from signal-x-proofmode.
It appears adding the pubkey now permits the use of the automated tool.
New error in the JS console: KeyError: 'Device ID'
:( cc @n8fr8
from signal-x-proofmode.
Now that we can generate our own signal-x-proofmode bundles, should be easier to debug!
from signal-x-proofmode.
@n8fr8 Did you have a think about this issue, perchance? It would be nice to be able to QA our bundles...
from signal-x-proofmode.
Working on it this week. Already put the request in to the team to test against these bundles to ensure compatibility, while flagging gracefully what might be "missing".
from signal-x-proofmode.
I believe today's commits have made the issue mentioned above go away.
@maxSafronovForte Here's what we now have:
- Media signed
- Proof data present and signed
- OpenTimestamp verified
- SafetyNet verified
- C2PA verified
And the detailed message:
"root":{1 item
"summary":{1 item
"error":string"No media files found"
}
}
from signal-x-proofmode.
Maybe we should add the photo in the bundle as well.
from signal-x-proofmode.
In which format we need to put photo in bundle ?
from signal-x-proofmode.
Ah right, the photo! That's the problem. I thought that was already happening.
The photo should be the saw raw bytes that you used to generate the proof hash. Do not re-encode.
from signal-x-proofmode.
Maybe fixed by #64
from signal-x-proofmode.
🎉
from signal-x-proofmode.
Woohoo! We'll have to add-in "MobileCoin notarization" verified soon as well...
from signal-x-proofmode.
Thanks for all the work Nathan – glad we did this, was really helpful today.
from signal-x-proofmode.
Related Issues (20)
- Proof UI: display date photo was taken HOT 1
- Update android-libproofmode library in custom Signal app HOT 1
- Proof UI: use dark background check mark HOT 1
- ZIP filename should be the hash of the ZIP HOT 6
- Symbolology: Swap lock icon in favour of...?
- Include thumbnail of photograph in local settings HOT 2
- Copy tweak: replace "CID" with "hash" HOT 1
- Remove "share basic/ robust" buttons HOT 1
- Easy, lightweight way to surface the actual CID instead of the hash? HOT 5
- Show Proofmode internal validation in "see more" HOT 9
- Add photo to ZIP, so it validates HOT 2
- Replace placeholder in "see more" with real data HOT 1
- Error: Unauthenticated
- Regression: missing PGP signature HOT 1
- New copy at top of "See more"
- Include a light theme for local settings page
- Sending to several contacts (not possible right now)
- Capturing media from inside a conversation (not possible right now)
- Disable uploading/picking from gallery?
- Capturing several photos
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from signal-x-proofmode.