How does Woleet guarantee data privacy?
Evidence generated without having to reveal the content of the files
One of the great features of the Woleet platform is that it is able to guarantee 100% confidentiality of customer data, but how is this made possible?
The digital fingerprint: definition
The digital fingerprint, also called hash or checksum, is a short sequence of digital data calculated from a larger block of data (e.g. a file or a message) allowing to verify, with a very high probability, that the integrity of this block has been preserved during a copy, storage or transmission operation.
So we can compute a fingerprint from any digital data, no matter how big it is. The result will always be a sequence of the same size.
It is very important to understand that you can generate a fingerprint from a file, but it is impossible to generate the initial data from the fingerprint.
How is a digital fingerprint calculated?
To obtain the digital fingerprint of a file, a hash function is used. The preferred hash function used at Woleet is SHA-2. In all cases the digital fingerprint is calculated on the client side:
- When using a web application like Woleet Sign or Proof Desk, it is the browser that calculates the fingerprint locally using Javascript code. This calculation is very fast for files of a few kilobytes and can take several minutes for files of tens of gigabytes.
- When using the API it is possible to calculate the fingerprint locally with any programming language; indeed, hash calculation is a basic function of all coding platforms. Tools like woleet-cli or ProofKeeper also calculate the fingerprint locally.
Woleet only needs the digital fingerprint of the files to make the proof
The digital fingerprint is the basis of the fabrication of the proof. If the proven document is modified, the digital fingerprint will be totally different and the proof will no longer be valid.
The blockchain proof made by Woleet corresponds mathematically to this fingerprint and to nothing else. The fingerprint is the starting point of the proof and Woleet does not need to know the content of the data.
By using this system, you are assured that no sensitive data leaves your infrastructure. You stay in control and greatly reduce the risk of leakage.
An exception in the world of digital trust
Other electronic signature or server stamping solutions require in most cases sending data to a third party platform. This simply means that your files end up on servers that you do not control. Servers that can be compromised, during an attack for example.
Another concern with sharing documents with a trusted third party is that downloading files is expensive in terms of bandwidth and can quickly become problematic if the data volumes are large.
Want to know more?