I try to follow best practices to establish authenticity of any digital assets that are distributed off the blockchain (e.g., unlockable content). This page briefly explains my process and provides information that owners of my NFTs can use to help verify authenticity of such related content.
Background
When distributing additional content with NFTs my main goals are:
- Use pinned IPFS for decentralized distribution that is not tied to any one central server, etc., and will be available as long as IPFS continues to thrive.
- Hide the data from the public IPFS network so that only those who know the secret can access the contents (strong encryption).
- Provide proof that I am the author of the content and allow others to verify that the content they receive was authored by me (digital signing and verification).
Some things I’m not trying to accomplish:
- These are mostly multi-media assets so I cannot protect the content once decrypted by an owner (same problem as “right click save”).
- For the same reason, making this “token gated content” would not help because it’s easy to access once decrypted.
- I’m not creating new technology. I’m just doing the best with what’s currently available, and I’ll update as things evolve.
Process Overview
First, I make sure the content has some material that is dated and includes some personal notes from me so the contents are truly unique. Then I create an archive to distribute using a combination of RAR and OpenSSL.
- Create a RAR file using a strong password, strong encryption options, and recovery records for added reliability.
- Create a signature of the RAR file using a special private key that is designated for this purpose (stored offline).
- Publish the RAR password and (Base64) signature in the NFT unlockable content metadata so owners can verify the download.
OpenSSL Example Commands
If you own an NFT that I’ve minted with unlockable content, you can verify the content using the openssl signature verification commands shown below.
openssl base64 -d -in signature.sha256.b64 -out /tmp/signature.sha256
openssl dgst -sha256 -verify public.pem -signature /tmp/signature.sha256 contents.rar
NOTES:
- The NFT unlocked content will contain: the IPFS link to a RAR file with the content, the password for the RAR, and a signature and public key that can be used to verify the downloaded content. The public key will be published on my website as well, but everything needed should be on the blockchain with the NFT.
- Many tools can uncompress RAR files but the WinRAR tool is the authoritative source implementation, is available on many platforms, and is the best tool to use.
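
The verification steps above, wrapped in a script as an added example (not the author's own tooling): it runs the page's two commands in a private temporary directory, shows a modified file failing verification, and prints a key fingerprint to compare against the copy of the public key on the website. The key pair, the stand-in `contents.rar`, the signing commands in `demo_setup`, and the function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not the author's script). Key and archive below are constructed.

# verify_download PUBKEY SIG_B64 FILE: returns 0 only when the signature is valid.
verify_download() {
    tmp=$(mktemp -d) || return 2          # private temp dir, not a fixed /tmp name
    rc=0
    # Step 1 from the page: decode the Base64 signature to raw bytes.
    openssl base64 -d -in "$2" -out "$tmp/sig.bin" 2>/dev/null || rc=2
    # Step 2 from the page: check the SHA-256 signature against the public key.
    if [ "$rc" -eq 0 ]; then
        openssl dgst -sha256 -verify "$1" -signature "$tmp/sig.bin" "$3" \
            >/dev/null 2>&1 || rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# key_fingerprint PUBKEY: SHA-256 of the DER-encoded key, for comparing the key
# delivered with the NFT against the copy published on the website.
key_fingerprint() {
    openssl pkey -pubin -in "$1" -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# demo_setup: build a throwaway key pair, a stand-in archive, and its signature.
demo_setup() {
    DEMO=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$DEMO/private.pem" 2>/dev/null
    openssl pkey -in "$DEMO/private.pem" -pubout -out "$DEMO/public.pem"
    printf 'constructed stand-in for contents.rar\n' > "$DEMO/contents.rar"
    # Assumed signing counterpart of the page's verify command.
    openssl dgst -sha256 -sign "$DEMO/private.pem" \
        -out "$DEMO/signature.sha256" "$DEMO/contents.rar"
    openssl base64 -in "$DEMO/signature.sha256" -out "$DEMO/signature.sha256.b64"
    # One appended byte simulates a corrupted or substituted download.
    cp "$DEMO/contents.rar" "$DEMO/tampered.rar"
    printf 'x' >> "$DEMO/tampered.rar"
}

demo_setup
for f in contents.rar tampered.rar; do
    if verify_download "$DEMO/public.pem" "$DEMO/signature.sha256.b64" "$DEMO/$f"
    then echo "$f: signature OK"
    else echo "$f: signature FAILED, do not trust this file"
    fi
done
echo "public key fingerprint: $(key_fingerprint "$DEMO/public.pem")"
```

Run `key_fingerprint` on both the public key from the unlockable content and the one from the website; a match ties the signature to a key obtained through a second channel.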