Blog | G5 Cyber Security

Prove Message Ownership

TL;DR

You can prove you wrote an anonymous message using a digital signature. Your private key produces a signature over a ‘fingerprint’ (hash) of the message, and others can verify that signature with your public key.

How to Prove You Wrote an Anonymous Message

  1. Understand Digital Signatures: A digital signature isn’t like writing your name. It uses cryptography (complex maths) to create a unique code linked to both the message *and* your secret key. If someone changes even one letter of the message, the signature won’t work anymore.
  2. Generate a Key Pair: You need two keys:
    • Private Key: Keep this absolutely secret! This is what creates the signature.
    • Public Key: Share this with anyone who needs to verify your messages.

    You can use tools like OpenSSL or GPG for this. Here’s an example using OpenSSL:

    openssl genrsa -out private.pem 2048
    openssl rsa -in private.pem -pubout -out public.pem
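  3. Sign the Message: Use your private key to create a signature for the message. openssl dgst signs the contents of a file, not a string given on the command line, so save the exact message text to a file first (message.txt here).
    openssl dgst -sha256 -sign private.pem -out signature.sig message.txt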

    This creates a file called signature.sig containing the digital signature. The SHA256 algorithm is commonly used for hashing (creating the fingerprint).

  4. Share Your Public Key and Signature: Give the recipient your public key (public.pem) and the signature file (signature.sig). Also, share the original message text.
  5. Verification: The recipient uses your public key to verify that the signature matches the message, saved byte-for-byte as it was signed (message.txt here). They’ll use a tool like OpenSSL:
    openssl dgst -sha256 -verify public.pem -signature signature.sig message.txt

    If the verification is successful, it will output something like Verified OK. If not, the message has been altered or wasn’t signed with your private key.
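
The steps above as one script, added here as an example (not code from the original post): it signs a message file once, then verifies it against the genuine message, a copy with one letter changed, and an unrelated public key. The function names, temporary paths and the altered text are constructed for illustration, and it assumes the openssl command is on the PATH.

```shell
#!/bin/sh
# Added example: sign once, then verify three ways (constructed inputs).

# make_keypair DIR -> DIR/private.pem and DIR/public.pem (step 2)
make_keypair() {
    mkdir -p "$1" &&
    openssl genrsa -out "$1/private.pem" 2048 2>/dev/null &&
    openssl rsa -in "$1/private.pem" -pubout -out "$1/public.pem" 2>/dev/null
}

# sign_file PRIVATE_KEY MESSAGE_FILE SIGNATURE_FILE (step 3)
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify_file PUBLIC_KEY MESSAGE_FILE SIGNATURE_FILE (step 5)
# Prints OK only when openssl reports "Verified OK", otherwise FAIL.
verify_file() {
    out=$(openssl dgst -sha256 -verify "$1" -signature "$3" "$2" 2>/dev/null) || true
    if [ "$out" = "Verified OK" ]; then echo OK; else echo FAIL; fi
}

# demo: prints three results in order: genuine, altered message, wrong key
demo() {
    work=$(mktemp -d) || return 1
    make_keypair "$work/author" || return 1
    make_keypair "$work/other" || return 1      # a second, unrelated key pair
    printf '%s' 'Your Anonymous Message' > "$work/message.txt"
    printf '%s' 'Your Anonymous Massage' > "$work/altered.txt"   # one letter changed
    sign_file "$work/author/private.pem" "$work/message.txt" "$work/signature.sig" || return 1

    genuine=$(verify_file "$work/author/public.pem" "$work/message.txt" "$work/signature.sig")
    altered=$(verify_file "$work/author/public.pem" "$work/altered.txt" "$work/signature.sig")
    wrongkey=$(verify_file "$work/other/public.pem" "$work/message.txt" "$work/signature.sig")
    rm -rf "$work"
    echo "$genuine $altered $wrongkey"
}

demo
```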

Important Considerations
