How It Works
How does CodeNotary work?
When notarizing digital objects using CodeNotary, you basically create a transaction in a distributed ledger (DLT) that contains your unique identity, the digital object unique identity and the chosen trust level.
The identities are globally unique and the transaction (including timestamp and trust level) is written to an immutable storage. That enables indelible proof if you trust or don’t trust a digital asset.
What sounds complex, is very simple using CodeNotary. It’s like renaming a file in Windows or cloning a source code repository on Linux.
Why should I notarize?
In a completely isolated world, without any network connectivity or physical access to your computer – you don’t need to notarize anything.
For some decades the opposite is true. Not just your computer is connected to the internet or network, also your phone, your watch, your scale,… pretty much everything is connected somehow.
That also means you don’t really know if
- an installer you downloaded is the one you intended to download
- the pdf document someone sent you might be tampered
- the github repository you cloned to use in your application just changed some days ago and contains some malicious parts
- the docker container you’re pulling to run your stack has been changed and contains a backdoor now
Or maybe you just want to make sure that the media file, word document, application, the source code, the configuration files you’re currently using are compliant and you can automatically notice if they have been changed in any way.
You might want to trust new versions of your software, but unsupport old ones. All of your user can manually or automatically check that status change instantly.
CodeNotary supports all of these use cases and many more. It’s all about integrity, and trust or untrust for any digital asset.
Where are my files stored?
They are never touched or moved!
CodeNotary doesn’t need to upload, read the content or store the files to notarize or authenticate them. Our vcn command line tool only uses mathematical operations to calculate an unique checksum based on the file as a whole binary without actually reading the content line by line.
Same is true when using authenticate.codenotary.io as the calculation simply happens inside of your browser instead of the command line.
That way you:
- never disclose the file content content to anyone or any application
- never upload or transfer the file
- never change the file content or attach anything to it
- only transfer the unique checksum (that doesn’t contain any file content) and some metadata
Your files are neither read line by line nor uploaded or transferred. Everything happens on your local system command line or browser.
What happens to my notarized files?
Nothing at all!
Unlike signing with digital certificates, the CodeNotary notarization process, is 100% non-intrusive. There is no upload or storing of files, no change or attachment to the files.
You can think of the notarization like an additional ledger that tracks all trust transactions to the unique digital asset. The digital unique identity can be tracked and traced by you using CodeNotary without having access to the actual file or asset.
That provides many benefits:
- no redistribution when the trust level changes
- revocation of trust without physical access to the file
- revocation of trust happens based on the individual digital object, not the person identity
When does a digital asset change?
Whenever the content changes
The digital asset changes, when any content is being changed. Every additional character, every removed character, any changed byte of an application binary changes the globally unique identity we use at CodeNotary.
CodeNotary is designed from scratch to globally uniquely identity digital assets as they are. Any content change results in a new identity.
If these changes are intended, you need to notarize the digital asset again.
What can be notarized?
There are no limits when it comes to digital objects:
- any file or document
- no object size limitation
- complete folder including content
- source code
- git repositories
- git commit history
- docker container
- podman container
- kubernetes resources
How to get started?
You can find CodeNotary quickstart guide on our Help page.
If you have any questions that haven’t been covered in our quick guide, please also check our FAQ page.
Getting Started – Video
This demo video walks you through the steps of using CodeNotary’s
vcn Command Line tool for the first time.
Many Ways to Authenticate – Video
This video covers the 3 ways to verify the integrity of a digital asset using: 1) Chrome Extension (auto verification for every download), 2) Drag & Drop (onto authenticate.codenotary.io), 3)
vcn verify command (using the Command Line tool)
Start Free Trial
Click here to start your free trial that enables you to sign 200 different digital assets, the same digital asset 200 times, or any combination of the two. Authentication is always free for anyone, anywhere, at any time, regardless if they are a registered CodeNotary user.