Table of contents
- โจ Introducing....
- ๐ Key Features
- ๐คฉ The TrueSecureSign Experience
- ๐ค Submission Categories
- ๐ฌ Submission Artifacts
- ๐ฅฒ Challenges: The Complexity of Crypto Modules
- ๐ค Conclusion & A Thank You to the Hackathon Organizers
TrueSecureSign was born out of the necessity for better control over our encryption and signing keys. In a world where big companies store and control encryption keys and signing keys, the potential for unauthorized signing and data manipulation is a concerning reality. Identity theft, deepfakes, and other fraudulent activities pose significant threats to our digital lives. To counter these risks, we need better tools that ensure data authenticity and privacy, while placing control firmly in the hands of the users themselves. This is where TrueSecureSign comes in.
โจ Introducing....
TrueSecureSign is the revolutionary solution designed to empower users and provide a transparent service that never takes control of your keys for signing. In a time where trust and data integrity are paramount, TrueSecureSign puts the power back in your hands, ensuring that only you can sign documents with your private keys.
๐ Key Features
๐จ Effortless Digital Signatures with Enhanced Security
Sign PDFs effortlessly using TrueSecureSign's intuitive signing process, providing legally binding electronic signatures that save time and streamline document workflows. TrueSecureSign emphasizes security and privacy by enabling users to manage their own encryption and signing keys. By ensuring that your keys are stored locally, and it never gets to our servers, we eliminate the risk of unauthorized access and maintain the highest level of security.
๐ Passkeys Integration for Convenient Authentication
To enhance the user experience, TrueSecureSign integrates with Passage, a secure password manager. Passkeys offer convenience, allowing users to authenticate quickly and securely without the hassle of traditional passwords. We believe that safeguarding your keys should be seamless and user-friendly.
๐คซ 1Password Vaults for Secure Key Snapshots
TrueSecureSign takes a unique approach to key backup and recovery. We leverage the secure infrastructure of 1Password vaults (using 1password CLI) to take snapshots of your keys directly from your local machine. These snapshots remain confidential, ensuring that our servers never gain access to your keys. Unlike other services that generate keys themselves, leaving users unaware of who holds the power to sign on their behalf, TrueSecureSign puts you in complete control.
โ๏ธ Easy PDF Editing
Seamlessly edit PDFs with TrueSecureSign's user-friendly interface, empowering you to make quick modifications without the need for complex software.
๐คฉ The TrueSecureSign Experience
๐ Landing page
๐ Logging In with passkeys (powered by passage)
๐ Uploading a new Doc
Let's upload a new file named StarshipUsersGuide.pdf
.
๐ฆพ User Dashboard
๐ Initializing the CLI (powered by 1password CLI)
Notice how we're taking a backup to 1password from the provided SERVICE account credentials. Please do note that we're not sending these creds to our server.
โ๏ธ Document Signing Process
We can notice that currently the doc is not signed.
Clicking on the focused button redirects to the page with detailed instructions. It suggest that we sign the document using the following command. Let's do it.
Running the document signing command on CLI
Notice that the document workshop is now indicating that the signing process has been completed.
We've incorporated a delightful enhancement to the signing process. When you sign a document, we've included a charming little watermark on top. This watermark proudly displays the author's email and the date of the signing. It adds a touch of visual flair to make the experience even more enjoyable!
โ Signed Doc Integrity Check (public)
We also have a free service to check the integirty of any doc. And incase the doc was signed by our platform TrueSecureSign we also show additional info.
Notice that upon uploading the newly signed document, I can view the public key and other details. Hence, my recipient has the option to visit this portal at any time to verify the authenticity of the PDF files supposedly originating from me.
๐ค Submission Categories
In our quest to make the world a better place, we've taken a multi-dimensional approach, targeting not just one, but three submission categories! We believe in spreading the love across various domains. Here are the categories we're aiming for, because hey, why settle for just one:
Most inventive use of the 1Password CLI: We've integrated the powerful 1Password CLI into TrueSecureSign, revolutionizing the way you manage and secure your keys. It's like turning a regular key into a magic key that opens doors to convenience and peace of mind.
Best use of Passage. Bonus points for creating a multi-platform app/service using Passage or extending Passage to popular tools: Passage, our trusted companion in password management, joins forces with TrueSecureSign. Together, they create a dynamic duo that not only secures your keys but also extends the power of Passage to popular tools and platforms. It's a match made in password heaven!
Best entry that delights developers: TrueSecureSign goes beyond ensuring security and privacy โ it's dedicated to making developers' lives easier and more enjoyable. As developers, we understand the challenges of managing design documents, UML diagrams, and ERD diagrams that are susceptible to tampering.
With just a simple command,
npx truesecuresign@latest init
, TrueSecureSign handles all the heavy lifting. It checks if your keys are present, and if not, it seamlessly retrieves them from your 1Password vault. If no keys are found, TrueSecureSign generates them, extracts the public key, and registers them. Now, we developers can breathe a sigh of relief, knowing that any tampering with our important documents will be swiftly detected.Let TrueSecureSign take care of the security aspect so you can focus on what truly matters โ building remarkable software and protecting your valuable intellectual property.
๐ฌ Submission Artifacts
TrueSecureSign CLI is published on npm, making it easily accessible for installation and global usage. The Next.js server for TrueSecureSign is available at https://truesecuresign.vercel.app/. Embrace a new level of data authenticity and privacy with TrueSecureSign.
๐ Web App
https://truesecuresign.vercel.app
๐ฅ๏ธ NPM CLI for secure signing of documents
๐ฉโ๐ป GitHub Repo
๐ฅฒ Challenges: The Complexity of Crypto Modules
Working with crypto modules presents its fair share of challenges. The multitude of formats, algorithms, and variables can be overwhelming, often leading to obscure bugs and unexpected results. During our development process, we encountered one such hurdle, spending a full day debugging an issue that turned out to be a simple key format mismatch. Converting the key from hex to base64 was all it took to resolve the problem. We share this to emphasize our dedication to overcoming obstacles and continuously improving TrueSecureSign for our users.
๐ค Conclusion & A Thank You to the Hackathon Organizers
In conclusion, TrueSecureSign stands as a testament to the importance of data authenticity and privacy. We extend our gratitude to the hackathon organizers from 1Password and Hashnode for providing the platform to showcase our project. We are committed to further enhancing TrueSecureSign, ensuring it remains a reliable and innovative solution for empowering users and protecting their digital interactions.
Thank you for joining us on this journey to a more secure digital world. Together, let's redefine trust and take control of our data with TrueSecureSign.