Timestamp of Plan ₿ Academy diplomas

Feb 4, 2025

157

Feb 4, 2025

If you are reading this, there is a high probability that you received either a ₿-CERT test certificate or a diploma of completion for one of the course you attended on planb.network, so congratulation for this achievement!

In this tutorial, we will discover how Plan ₿ Academy issues verifiable proofs for your ₿-CERT test certificate or any Diploma regarding Course Completion. Then, in a second part we will describe how to verify the authenticity of these proofs.

Plan ₿ Academy proof mechanism

At Plan ₿ Academy, we cryptographically sign certificates and diplomas, and time-stamp them using the Timechain (i.e. The Bitcoin blockchain), through a proof mechanism that relies on two cryptographic operations:

A GPG-signature on a text file that synthesizes your achievements
The timestamping of the same signed file via opentimestamps.

The first operation enables you to confirm the issuer of the certificate (or diploma), while the second operation allows you to verify the date of its issuance. We believe that this simple proof mechanism empowers us to issue certificates and diplomas with undeniable evidence that anyone can independently verify.

Thanks to this proof mechanism, any attempt to alter even the smallest detail of your certificate or diploma will result in a completely different SHA-256 hash of the signed file, instantly revealing any tampering, as both the signature and the timestamp will no longer be valid. Moreover, if anyone attempts to maliciously forge certificates or diplomas on behalf of Plan ₿ Academy, a simple verification of the signature will expose the fraud.

How does the GPG-signature work?

The GPG signature is generated using an open-source software called GNU Privacy Guard. This software allows users to easily create private keys, sign and verify signatures, and encrypt and decrypt files. For the purposes of this tutorial, it's important to note that Plan ₿ Academy uses GPG to create its private/public keys and to sign all ₿-CERT Certificates and Diplomas of Course Completion.

On the other hand, if someone wants to verify the authenticity of a signed file, they can use GPG to import the public key of the issuer and verify it.

For those who are curious and want to learn more about this fantastic software, you can refer to "The GNU Privacy Handbook"

How does time-stamping work?

Anyone can use OpenTimestamps to timestamp a file and obtain verifiable proof of its existence. In other words, it does not provide proof of when the file was created, but rather proof that the file existed no later than a specific moment in time. OpenTimestamps provides this service for free by utilizing a highly efficient method to store proof in the Bitcoin blockchain. It employs the SHA-256 hash algorithm to create a unique identifier for your file, and constructs a Merkle tree using the hashes of the files submitted by other users. Only the hash of the Merkle tree structure is anchored in an OP_RETURN transaction, ensuring a secure and compact way to verify file existence. Once this transaction gets into a block, anyone with the initial file and the .ots file associated to it can verify the authencity of the timestamping. In the second part of the tutorial, we will see how to verify your Bitcoin Certificate or any Diploma of Course Completion through a teminal and through a graphical interface on the website of OpenTimestamps.

How to verify a Plan ₿ Academy ₿-CERT certificate or Diploma

Step 1. Download your Certificate or Diploma

Log into your personal/student dashboard on planb.network.

Go to "Credentials" by clicking on the lefthand-side menu, and select your exam session or your Diploma.

Download the zip file.

Extract the contents by right-clicking on the .zip file and selecting "Extract". You will find three different files:

A signed text file (e.g. certificate.txt)
An Open timestamp (OTS) file (e.g. certificate.txt.ots)
A PDF certificate (e.g. certificate.pdf)

Step 2: How can you verify the Signature of the Text File?

First, go to the folder where you extracted the files and open a terminal (right-click on the folder window and clik on "Open in Teminal"). Then, follow the instructions below.

Import Plan ₿ Academy public PGP key with the following command:

curl -s https://raw.githubusercontent.com/Asi0Flammeus/pgp-public-keys/master/planb-network-pk.asc | gpg --import

You should see a message like the following if you successfully imported the PGP Key

gpg: key 8F12D0C63B1A606E: public key "Plan ₿ Academy (used for Plan ₿ Academy platform) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1

NOTE: if you see that 1 key has been processed and 0 keys have been imported, it likely means you have already imported the same key previously, which is perfectly fine.

Verify the signature of the certificate or diploma using the following command:

gpg --verify certificate.txt

This command should show you details about the signature, including:

Who signed it (Plan ₿ Academy)
When it was signed
Whether the signature is valid or not

This is an example of the result:

gpg: Signature made lun 11 nov 2024, 00:39:04 CET
gpg:                using RSA key 5720CD577E7894C98DBD580E8F12D0C63B1A606E
gpg:                issuer "[email protected]"
gpg: Good signature from "Plan ₿ Academy (used for Plan ₿ Academy platform) <[email protected]>" [unknown]

If you see a message like "BAD signature", that means that the file has been tampered.

Step 3: Verifying the Open Timestamp

Verifying via a Graphical Interface

Visit the OpenTimestamps website: https://opentimestamps.org/
Click on the "Stamp & Verify" tab.
Drag and drop the OTS file (e.g. certificate.txt.ots) into the designated area.
Drag and drop the timestamped file (e.g. certificate.txt) into the designated area.
The website will automatically verify the open timestamp and display the result.

If you see a message like the following, the timestamp is valid:

The CLI Method

NOTE: this procedure will require a running local Bitcoin node

Install the OpenTimestamps client from the official repository by running the following command:

pip install opentimestamps-client

Navigate to the directory containing the extracted certificate files.
Run the following command to verify the open timestamp:

ots verify certificate.txt.ots

This command will:

Check the timestamp against the Bitcoin's blockchain
Show you exactly when the file was timestamped
Confirm the timestamp's authenticity

Final results

The verification is successful if both the following messages are displayed:

The GPG signature is reported as "Good signature from Plan ₿ Academy"
The OpenTimestamps verification shows a specific Bitcoin block timestamp and reports "Success! Bitcoin block [blockheight] attests data existed as of [timestamp]"

Now that you know how Plan ₿ Academy issues verifiable proofs for any ₿-CERT Certificate and Diploma, you can easily verify the integrity of them.

Did this work well for you?

Author

This tutorial has been written by Marco Giorgetti

Marco Giorgetti is an expert in Open Source and a Bitcoin enthusiast. He has taught at the Business School of PlanB.network and co-founded two Bitcoin meetups. He is also an expert in e-commerce and PXM (Product Experience Management), as well as a lover of interesting conversations and good professional relationships.

bitcointechnology

Credits

This tutorial has been proofread by Asi0Flammeus

1/3Proofreading status

Even if this content is in its original language, human review is necessary to ensure its accuracy.

Asi0Flammeus787 sats394 sats

*Rewards may vary based on the $ exchange rate

Every content on the platform is the result of a collaborative effort: each lesson, translation, and revision is made possible by the work of contributors. For this reason, we are always looking for proofreaders who can review our content in many languages. If you want to participate in the proofreading process, please reach out in our Telegram group and read our tutorial. We remind you that this content is open-source - licensed under CC BY-SA - so it can be freely shared and used, as long as the original source is credited.