Factomize Add-on Info

What is the Factomize Xenforo Add-on?

The Factomize Xenforo Add-on creates immutable receipts of forum activity on the Factom blockchain. This provides proof that a forum post has existed in its current form since at least the time the corresponding entry was made on the Factom blockchain.

Who built it?

Two Authority Node Operators, Factomize, LLC and Canonical Ledgers, LLC, partnered to create this forum plugin to add security to the de facto official Factom Community Forum and to showcase the Factom blockchain for establishing data integrity.

How do I use it?

You can continue to use the forum as you normally would.

How does it work?

When you create a thread on a Factomized forum, a new chain will be created on the Factom blockchain. Whenever a post is made on a Factomized thread, a new entry will be appended to the thread's chain containing a hash of the post's content as well as some other metadata. While an entry is being processed, the post will have a badge that says "Pending". Once the entry has been created, the post's badge will change to "Secured".

How do I verify a post against its entry on the Factom blockchain?

Currently, verifying a post is a somewhat technical process that requires reading raw data from the Factom blockchain using the factomd API. The following assumes you know how to do this using curl or the factom-cli utility.

Clicking on the "Secured" badge above a post will expand a section below that post displaying all of the necessary data to verify a post against its entry on the Factom blockchain. This expanded section shall be referred to as the "security section" of a post.

There are a few things to verify about an entry:

  • The entry is signed by the Signing Key established at the time that the entry was created. The public Signing Key can be found on the forum's Identity Chain, which is linked at the top of every thread. An entry made by this add-on will have the signature type in its 1st External ID, and the raw signature data in its 2nd External ID. Currently we use OpenSSL to generate RSA-SHA512 signatures. See below for more information about determining the current signing key.
  • The entry's content is exactly equal to the minified JSON displayed in the text box labeled "Entry Content" in the post's security section.
  • The value of the message_sha512 field of the JSON in the entry's content matches the SHA512 hash of the raw post data found in the text box labeled "Raw Message Content" in the post's security section.
  • If present, the value of the title_sha512 field of the JSON in the entry's content matches the SHA512 hash of the raw post data found in the text box labeled "Raw Title Content" in the post's security section.
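
The three content checks above can be scripted once the entry content has been fetched from factomd. The following is an added example, not the add-on's own code. It assumes the hashes are lowercase hex SHA512 digests of the UTF-8 text, which this page does not state, and the sample entry is constructed with only the two fields named above.

```python
import hashlib
import json

def sha512_hex(text: str) -> str:
    # Assumption: the forum hashes the UTF-8 bytes and stores a hex digest.
    return hashlib.sha512(text.encode("utf-8")).hexdigest()

def check_post(chain_content: bytes, entry_box: str, message_box: str, title_box=None):
    """Return a list of mismatches; an empty list means every content check passed."""
    problems = []
    # The on-chain content must equal the "Entry Content" box byte for byte.
    if chain_content != entry_box.encode("utf-8"):
        problems.append("entry content differs from the Entry Content box")
    try:
        fields = json.loads(chain_content)
    except ValueError:  # also covers content that is not valid UTF-8
        return problems + ["entry content is not valid JSON"]
    if not isinstance(fields, dict):
        return problems + ["entry content is not a JSON object"]
    # message_sha512 must match the hash of the "Raw Message Content" box.
    if str(fields.get("message_sha512", "")).lower() != sha512_hex(message_box):
        problems.append("message_sha512 mismatch")
    # title_sha512 is optional, but when present it must match the raw title.
    if "title_sha512" in fields:
        claimed = str(fields["title_sha512"]).lower()
        if title_box is None or claimed != sha512_hex(title_box):
            problems.append("title_sha512 mismatch")
    return problems

# Constructed sample data (real entries carry additional metadata fields).
SAMPLE_MESSAGE = "Hello, Factom!"
SAMPLE_TITLE = "First thread"
SAMPLE_ENTRY = json.dumps(
    {"message_sha512": sha512_hex(SAMPLE_MESSAGE),
     "title_sha512": sha512_hex(SAMPLE_TITLE)},
    separators=(",", ":"),  # minified, as in the "Entry Content" box
)

if __name__ == "__main__":
    print(check_post(SAMPLE_ENTRY.encode(), SAMPLE_ENTRY, SAMPLE_MESSAGE, SAMPLE_TITLE))
```

Paste the text boxes exactly as displayed: an added trailing space or newline changes the hash.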

How do I determine the public Signing Key from the Identity Chain for a given block height?

Identity Chain

All entries made by the Factomize add-on include an RSA-SHA512 signature in their 2nd External ID. This proves that the entry was made by this forum, and not forged by someone else. The public Signing Key used to sign entries is published on an Identity Chain established by the forum administrator when the Factomize add-on is first installed. The Identity Chain is a chain on the Factom blockchain that allows a forum administrator to rotate the Signing Key by establishing an Authority Key in its first entry. The Authority Key is kept secure offline by the forum administrator, and is used to sign and establish new Signing Keys.

For a given well-formed Identity Chain and a given DirectoryBlockHeight, a Signing Key is valid if and only if all of the following conditions are met.

  • Its public key is published in the content of the MOST RECENT entry on the given Identity Chain as of EITHER the DirectoryBlockHeight OR DirectoryBlockHeight - 1.
  • The entry in question is NOT the first entry in the chain.
  • The entry in question has an External ID that contains a valid signature of the entry's content by the Authority Key of the given Identity Chain, where the Authority Key is the public key published in the content of the first entry on the Identity Chain.

Note that according to the first criterion there can only be one valid Signing Key at a given time, EXCEPT for ONE block of overlap when a new Signing Key is first published.

In other words, to verify the signature for an entry, start by determining the block height at which it was created. Next determine the latest valid public Signing Key entry on the Identity Chain as of that block height and as of the preceding block height. (This will normally just be a single entry unless a new public Signing Key entry happened to have been published at the same block height as the entry in question. Also, remember that for a Signing Key entry to be valid, it must be signed by the Authority Key established in the first entry of the Identity Chain.) Finally, if the signature of the entry in question is verified against the public Signing Key(s) you just determined from the Identity Chain, then the entry is valid.
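
The key-selection rule above, written out as an added example (not the add-on's own code). The `Entry` type, function names and sample chain are hypothetical, and RSA-SHA512 verification is passed in as a callable; a toy stand-in is used here so the sample runs offline.

```python
from typing import Callable, List, NamedTuple

class Entry(NamedTuple):
    height: int           # directory block height of the entry
    content: bytes        # published public key
    ext_ids: List[bytes]  # External IDs, one of which may hold a signature

# verify(public_key, signature, message) -> bool; plug real RSA-SHA512 in here.
Verify = Callable[[bytes, bytes, bytes], bool]

def latest_as_of(chain: List[Entry], height: int):
    """Index of the most recent entry at or below height (chain is in order)."""
    found = None
    for i, entry in enumerate(chain):
        if entry.height <= height:
            found = i
    return found

def valid_signing_keys(chain: List[Entry], height: int, verify: Verify) -> List[bytes]:
    authority_key = chain[0].content  # first entry establishes the Authority Key
    keys: List[bytes] = []
    for h in (height - 1, height):    # one block of overlap on rotation
        i = latest_as_of(chain, h)
        if i is None or i == 0:       # nothing yet, or only the Authority Key entry
            continue
        entry = chain[i]
        # Per the rule, only the most recent entry counts: no fallback to older keys.
        signed = any(verify(authority_key, x, entry.content) for x in entry.ext_ids)
        if signed and entry.content not in keys:
            keys.append(entry.content)
    return keys

def entry_signature_ok(chain, height, message, signature, verify) -> bool:
    # `message` is whatever bytes the forum signed; the page does not spell this out.
    return any(verify(k, signature, message) for k in valid_signing_keys(chain, height, verify))

# Constructed stand-in for RSA-SHA512 so the sample runs offline; NOT real crypto.
def toy_sign(key: bytes, message: bytes) -> bytes:
    return b"sig|" + key + b"|" + message

def toy_verify(key: bytes, signature: bytes, message: bytes) -> bool:
    return signature == toy_sign(key, message)

# Constructed chain: Authority Key, key A at 100, key B at 200, unsigned key at 300.
SAMPLE_CHAIN = [
    Entry(90, b"AUTH", []),
    Entry(100, b"KEY-A", [toy_sign(b"AUTH", b"KEY-A")]),
    Entry(200, b"KEY-B", [toy_sign(b"AUTH", b"KEY-B")]),
    Entry(300, b"KEY-X", [b"bogus"]),
]
```

With the sample chain, height 200 yields both KEY-A and KEY-B (the overlap block), height 201 yields only KEY-B, and height 301 yields no key because the most recent entry is not signed by the Authority Key.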