ReadNotify.com - Click here to return to the home page and main menu
ReadNotify Signature Verification  

ReadNotify Digital Certificate Signature Display & Verification


The following information is available on this page:-


 
Click to verify when this signature was made, and by whom.
See below for instructions how to verify the certificate to which this signature was attached.


­ You can look up any ReadNotify Digital Signature. Enter the serial number here:-
You can verify any ReadNotify Digital Signature. Enter the serial number here:-



­ All our signatures are themselves signed to produce our digest-signatures, which are then subjected to third-party time verification and simultaneously published on the internet on thousands of independent servers. To view your closest servers' copy of our most recently published digest-signatures, click news from the following list, or to view the published group messages on the associated Google(tm) news archive, click Google:   alt.computer.security.web-of-trust (news, Google), comp.security.pgp.announce (news, Google), alt.security.keydist (news, Google), gov.usenet.test (news, Google), aus.net.mail (news, Google), chi.mail (news, Google).   Click here, here, or here to view lists of other servers that also carry our digest-signatures.


­ The ReadNotify public key for signature verification can be downloaded from us here, or retrieved from a number of worldwide keyservers, including:- keyserver.pgp.com, pgp.nic.ad.jp, pgp.cc.gatech.edu, or you can go to www.openpgp.net to select a different keyserver from a list - search using our KEY ID shown below.


Here is our key ID and Fingerprint:
pub  720R/1D8ADDED 2001-07-07 ReadNotify TimeStamper
Key fingerprint = 72 72 F5 EA A9 03 19 B5  74 E0 A6 20 4A 02 2D FB
Key ID:

­Here is our actual public key:

­ Massachusetts Institute of Technology host this PGP page with more information about keyservers and public keys and related cryptography.



  • ­ What is a digital certificate?
    A Digital Certificate is a statement of one or more facts, which is rendered forgery-proof by a cryptographic algorithm. You can take any electronic information (for example - an email) that is digitally signed, and automatically verify the authenticity of the signature. If the signature is forged, or any part of the information (eg: email) has been altered, the signature will fail verification. There are numerous products on the market that can verify digital certificates, and many web sites providing independent certificate verification services.


  • ­ What is the difference between a certificate and a signature?
    A certificate is just a group of facts, usually written in English - much like any certificate you are used to seeing in the real world.
    A signature - or in our case - a digital signature - verifies that those facts have not been altered since they were made.   Digital signatures also contain the date and time they were issued, and some way to identify who made the signature.


  • ­ What do ReadNotify digital certificates mean?
    The digital certificates produced by ReadNotify.cominextricably link the date and time with additional facts, including one or more of:
    1. the actual contents of an email
    2. the header portion of an email
    3. the delivery status of an email (aka. "DSN")
    4. the opening status of an email, possibly also including:
    5. the IP address(es) on which the email was opened
    6. the apparent email address of the person openeing the email
    7. the domain name of the computer used to open the email on
    8. the email software used to open the email,
    9. the computer operating system of the computer used to open the email
    10. the browser version, features, and identification information of the computer used to open the email
    11. indication by the reader of the email of their understanding of the email content
    This means that anyone can verify a ReadNotify.com digital signature to irrefutably determine exactly when an email was sent, delivered, opened, and/or acknowledged.


  • ­ How do ReadNotify certificates prevent forgery of dates and times?
    All ReadNotify certificates are stamped with the date and time they were produced, together with a unique in-order serial number. All certificates are sent out to the sender and/or recipient, and additionally, the signature portions are published on our web site for anyone to read at any time. ReadNotify regularly produce an additional signature-of-signatures (that is - we digitally sign a list of preceding signatures, and produce a certificate to prove those signatures exist at a certain point in time). We call these "signature digests", and they are published in various locations on the Internet, as well as also being digitally time-stamped by other time-verification services.

    Ultimately, every signature produced by ReadNotify is inextricably linked-in-time to every previous signature (by virtue of the in-order serial number and the regular signature digests). The indelible digital "paper trail" created by our constant distribution and publication of serialized certificates and our publication of externally time-stamped signature-digests makes it impossible for any dates or times to be forged.


  • ­ How do I verify a ReadNotify digital Certificate?
    First, read the wording in the certificate so you understand what satements of fact are being asserted.
    Next, verify the digital signature (the bottom part of the certificate) to make sure no forgery or alterations have been made.

    If you already have signature verification built-in to your email software, follow their instructions to verify the message (usually, you select Decrypt/Verify from the Tools menu, or click on one of the padlock icons in the window)

    If not, follow these steps:

    Your certificate will be attached to either a TEXT or an HTML body (such as an email). If you have a TEXT certificate (this will be apparent because you will see the line:-
    -----BEGIN PGP SIGNED MESSAGE-----
    at the start) skip step 1. and start at step 2. below.

    1. You first need to VIEW the SOURCE of your message.
      • From a web browser, you can select the View menu, and the Source option. Alternatively, Right-Click on the certificate, and select View Source from the menu that pops up.
      • From an email program, either - Right-Click on the certificate and select View Source from the menu that pops up, - or double-click (or right-click) on the email title, and select File, then Properties, then Details, then click the Message Source button, - or save the HTML attachment to a file, open the file in your web browser, Right-Click on the certificate, and select View Source from the menu that pops up.
      • If all else fails, try clicking on the certificate, then pressing Ctrl-A to MARK the entire message, then Ctrl-C top copy it.

    2. You will now have access to the raw signed message text and the attached signature. MARK and COPY either the entire message, or at least MARK and COPY everything from and including the beginning line marked
      -----BEGIN PGP SIGNED MESSAGE-----
      up to and including the ending line marked
      -----END PGP SIGNATURE-----

    3. * If you have an encryption program (for example: PGP), select it's Decrypt/Verify option (eg: in PGP, you click the Padlock, select Clipboard, then Decrypt/Verify)
      * Alternatively, PASTE you message into an on-line verification service form, then click the Verify button. For your convenience, we also provide this service below.

    4. Read the status of your verification. If it reads GOOD or VERIFIED, it will additionally show the date and time of certificate creation. If it reads BAD or FAILED, refer to our troubleshooting "What if my certificate fails to verify" section below.


  • ­ What if my certificate fails to verify? How can I fix this?
    Two things could be the cause of this.

    1. Your email software has altered the original message in some way. For example, it might have added ">" in front of every line, wrapped long lines around or broken up the message formatting in some way. It might have added warnings or copyrights or erased links or performed some other action on your message that has altered your message from its original format. You can manually undo the alterations to re-verify, or you can request another copy of the message. Most ReadNotify certificates are duplicated, with one copy being sent to a recipient, and a second copy being sent as an attachment back to the sender. You can ask for the attachment version to be forward to you, check that the signature serial number and signature date, time, and pattern are the same as your original message, then proceed to verify the attachment (which will not be prone to alteration by your email software, since it is an attachment to a message rather than just a message alone).

    2. The certificate may be forged or your email may have been altered. View our site copy of your certificate (enter the serial number at the end of this page) to check the date, time, and signature pattern match the certificate you received. If they do not, you have a definite forgery. If they do, it might be possible that the sender attached an old certificate to a new email. Either way, the certificate and what it states should not be trusted, nor should the content of any message to which is was attached.




­

Digital Certificate Verification Service

Paste your certificate, including the BEGIN and END dividing lines, and your message source into the following box (be sure to erase the example dividing lines first), then click the verify CERTIFICATE button.

digital signatures