Skip to main content

Seal

info

This feature needs a Pro plan subscription.

Seal is a verifiable timestamp mechanism for cryptographically proving that a note is created before a specific time. The seal proof for a new note is generated in 12 hours after creation, and you can download it through the "Seal" entry in the note menu.

seal ui

Verifying proofs​

Proofs generated by Seal can be verified with the sealcheck tool.

$ ./sealcheck validate ./seal_proof.json
SealCheck: ./seal_proof.json
Validation OK. Certificate issued at 2022-06-01 01:12:23 +0000 UTC.

How Seal works​

Seal works by periodically rolling up Planet's event log into a Merkle tree and submitting the root of the tree to the Certificate Transparency public ledger by requesting a certificate for the domain name [root-hash].production.planet-seal.net. The architecture is illustrated below.

seal architecture

The structure of a proof​

The following is an example proof. The proof is valid - try checking it using sealcheck!

{
  "logValue": "{\"ts\":1653871071342,\"data\":{\"type\":\"create_note\",\"user\":\"zhy\",\"id\":\"2022-05-30-7e169a5dfddc\",\"origin\":{\"type\":\"web\"},\"note\":{\"realTs\":1653871071342,\"content\":\"https://ubuntustudio.org/ #shortcut\",\"private\":true,\"forwardLinks\":[]}}}",
  "rootHash": "vZBB2DFg8SS0LCu/CkDqPzYYnRXTPPQHvOuhFkYAats=",
  "domain": "xwiedwbrmdysjnbmfo7quqhkh43brhiv2m6pib545oqrmrqanlnq.production.planet-seal.net",
  "proof": [
    "AElz0vb1S8vdJo2QVOryxRaOutuUw3oFprF55UAjvw0S",
    "AeVdFN83O0QW43DqkHNreLNiZ6CgTvEi6kNtYGn0zxAh",
    "AD5A9aCfc83IoOc96BIEiQwgE1NQGd/GBdAEpyxjlMkX",
    "ABsLhSl5zWfscabxEjympsASlerDD3Dsbx8WTU2Grnwi",
    "AIFRX7NhUcBniuu96XAA/zAACxSVejBEmDkXiNAWP1mZ",
    "AKuostHnzK0jQWplkXgEFGQ+J0+mzwmOyVRplXQfydmt",
    "Ac7mgWiVLpN6bNN9GrRRgQKRM5qTKfQcNd1A5CU6fmVY",
    "Ab5q+HSS7DtMXxGeu9+IBvQ6ZBThOtKHRjS/bo33cxNf",
    "AIGtmYM9SzsmKhScFllg4zBzK4jOrr7uiLfzud7Q9CPr"
  ]
}

Field semantics:

  • logValue: The content of the event log entry.
  • rootHash: Base64-encoded root hash of the Merkle tree.
  • domain: The domain for which a TLS certificate has been issued and logged to CT. The first segment of the domain is the base32-encoded root hash of the Merkle tree.
  • proof: Base64-encoded Merkle tree inclusion proof. Each entry is 33-byte long:
    • Byte 0: 0 if this node is the left child of its parent, 1 otherwise.
    • Byte 1-32: The hash value of the sibling node.

Plausible deniability​

We want to ensure that seal proofs are purely voluntary. While a seal proof does prove the timestamp property, a third party shouldn't assume that if you have written something, you will be able to present a proof for it.

To achieve this, we only provide automatic proof retrieval for the current version of a note. Proofs for deleted notes and older versions of existing notes are not accessible.

Meanwhile, if there is a reason and you need to request the proof for a historic version, please send us an email at [email protected].