ROriginStamp - a simple interface to OriginStamp

DOI

Build Status Coverage Status

lifecycle Project Status: Active – The project has reached a stable, usable state and is being actively developed.

For the documentation see https://rkrug.github.io/ROriginStamp/

Overview

This packages allows to obtain Trusted Timestamps (TTS) from OriginStamp for R objects and files. To obtain the TTS, the sha256 hashes are calculated and submitted to OriginStamp

Background

What are Trusted Timestamps?

From Wikipedia

Trusted timestamping is the process of securely keeping track of the creation and modification time of a document. Security here means that no one—not even the owner of the document—should be able to change it once it has been recorded provided that the timestamper’s integrity is never compromised.

This allows you, “to prove that youare the originator of certain information at a given point in time” (from OriginStamp documentation).

Examples are to prof that you generated the data at a given time, proof that you had the data before anybody else, etc.

How is it done

I will cite from the OriginStamp documentation:

OriginStamp is a web-based, trusted timestamping service that uses the decentralized blockchain to store anonymous, tamper-proof time stamps for any digital content. OriginStamp allows users to hash files, emails, or plain text, and subsequently store the created hashes in the blockchain as well as retrieve and verify time stamps that have been committed to the blockchain. OriginStamp is free of charge and easy to use.

A detailed description on how their approach works, can also be found in their documentation.

Prerequisites

Before you can use the package, you have to get an API key from OriginStamp. For details, see their Get anAPI key documentation.

Installation

ROriginStamp is momentarily only available on github, so you have to install it by using devtools:

if (!require(devtools)) {
  install.packages("devtools")
  library(devtools)
}
devtools::install_github("rkrug/ROriginStamp")

Usage

This package makes it easy to obtain and verify a hashed object or file in R, after getting an API key as described above.

Once you have an API key, you have to make it available to the functions in the package.

This can be done by

  1. either set it as an environmental variable, by e.g. using
Sys.setenv(ROriginStamp_api_key = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")

or

  1. use the api_key() function to set the api key by running
api_key("xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")`

or

  1. specify it in each call by using the key argument.

Obtain a TTS for an object or file

create_timestamp(
  x = obj, 
  comment = "This is a dummy test for creating a timestamp."
)

where obj can be an R object or filename, and the TTS is for the R object or the file the filename obj points to.

Download certificate for an object

get_proof(
  x = obj, 
  proof_type = "pdf"
)

will download a pdf certificate of the R object or filename, while

get_proof(
  x = obj, 
  proof_type = "xml"
)

will download an xml file which can be verified using an approach otlined on the OriginStamp website.

Dependencies

This package aims at minimizing the number of dependencies It has at the moment only three direct dependencies, which are not avoidable as curl (Ooms 2019) is used to access the OriginStamp API, openssl (Ooms 2020) to calculate the hashes, and jsonlite (Ooms 2014) to encode and decode the API communications. The dependency graph looks as followes:

Dependency graph

Ooms, Jeroen. 2014. “The Jsonlite Package: A Practical and Consistent Mapping Between JSON Data and r Objects.” arXiv:1403.2805 Stat.CO. https://arxiv.org/abs/1403.2805.
———. 2019. Curl: A Modern and Flexible Web Client for r. https://CRAN.R-project.org/package=curl.
———. 2020. Openssl: Toolkit for Encryption, Signatures and Certificates Based on OpenSSL. https://CRAN.R-project.org/package=openssl.