KeeeX aims to provide a comprehensive suite of tools that enables a secure, decentralized, and universal ecosystem for trusted data.
As much as possible, data processing is performed on the user's device, whether it's an actual end-user or a service provider.
When there is a need for data sharing through known endpoints, a decentralized approach is used whenever possible.
In any case, the tooling itself never shares data and metadata with KeeeX directly unless explicitly instructed to do so by the user.
The core technology focus is on embedding secure metadata and fingerprinting in files, enabling various properties to be derived directly from the files themselves with minimal reliance on a centralized authority.
This means that any file processed by KeeeX (which we call "keeexed" files) can be independently verified for authenticity and integrity without relying on a third party.
Additional data can be obtained when linking through external services, including KeeeX's own services, to verify properties that require online verification.
These properties include timestamping, digital identity confirmation, and dynamic file properties that can change over time.
The integrity and authenticity features are designed to cover the entire input file, as well as all static content of the additional metadata.
Unlike alternative solutions that rely on knowledge of the underlying file format, KeeeX's metadata is designed to be agnostic of the file format.
The only concern regarding the underlying file format is the proper injection of metadata that does not compromise the file's usability.
Regardless of the input format, all bytes of the original data are covered by the integrity and authenticity features.
This protection extends to alternative operation modes, such as archive mode and detached mode, where KeeeX's metadata is separated from the original files.
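KeeeX's metadata can be stored in three ways: embedded inline in the file, appended to the file in archive mode, or kept in a detached side file.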
We recommend using the first option as much as possible, since it provides the highest level of trust and tightly binds the data and KeeeX's metadata.
However, the other two approaches were implemented to accommodate specific use cases that still need to take advantage of the rest of our tooling, but have constraints that are not compatible with inline embedding.
KeeeX's metadata can be embedded directly into many file formats.
While the actual list of supported file formats may change over time, most commonly used file formats are covered, including standard multimedia files, office files, and some proprietary/custom formats.
Some generic file formats, such as ZIP files, are supported, which means that a lot of other formats based on them are also implicitly supported.
Additionally, some smart file formats allow for extra data to be placed in them without impacting the file's usability.
When a file format is supported, KeeeX's metadata can be embedded in it without altering its usability properties.
In essence, this means that these files can be stored, distributed, and used as they would be in any regular software, but with the additional properties attached to them.
Using these files in software or solutions aware of KeeeX's metadata will allow them to take advantage of these properties.
The archive mode is a "safe" operational mode used to attach KeeeX's metadata to a file.
It removes some of the limitations of the inline embedding approach but comes at the cost of some usability.
In this mode, the original input file is always considered an opaque, unsupported file format, and all metadata are embedded at the end of the file.
This is especially useful for archival purposes, hence the name, as it can be slightly faster and will work with any kind of file.
However, it may break usability because some file formats do not work well when data is appended to them.
Note that, for archive mode, it is always possible to extract the original file without losing any data from the resulting file.
This is a key feature of the archive mode.
When inline embedding is not an option but the ecosystem of integrity validation, authenticity checks, timestamping, and static and dynamic properties is still needed, detached metadata can be used.
It creates a "side" file with all metadata in it, including the unique fingerprint of the original file to ensure that it is always applied to the correct data.
The downside of this approach is that the file and its metadata live in two separate files, meaning it is easy to transmit one without the other and lose track of the metadata.
This is the least optimal approach, but it is still useful in some cases, especially for very specific file formats that do not support inline embedding.
Most non-archival use cases will rely mainly on inline embedding, with a minority possibly using detached metadata.
KeeeX's metadata is a set of information that can be attached to a file to provide additional properties to it.
These properties can be used for various purposes, some of which are described below.
The metadata format also allows for user-provided metadata, enabling the embedding of custom properties directed towards specialized processes and workflows in addition to the basic features KeeeX guarantees.
The following is a non-exhaustive list of the most useful metadata supported.
Integrity metadata:
Authenticity metadata:
Timestamp information:
Custom metadata:
Each keeexed file has a built-in identifier called an IDX.
It is similar to a file fingerprint but also includes all of KeeeX's metadata, making it unique and immutable for a given file, time of keeexing, and set of static metadata.
In the context of validation and integrity checks, this IDX can effectively stand in for the file.
This provides additional benefits over a regular hash, as it also includes the date of creation, and allows linking to dynamic properties while remaining stable over time.
The format used for keeexed files' IDX is also designed to be human-readable, making it easy to check at a glance.
An example of such an identifier is:
xilop-tolyf-robyh-fodel-nakep-zibof-dafyb-helot-kimuh-cifof-nofyb-byzar-typid-tugob-zovaf-cyret-huxex
Checking that all words match between a known reference and the file you have to check confirms that both the content and the metadata are the same, without needing to check the whole file.
Due to the nature of cryptographic digests, even checking only the first few words of the IDX is enough to ensure that the file is the same as the reference with a good level of confidence.
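The comparison described above, as an added example that is not KeeeX code: it checks a full or truncated IDX against a known reference word by word and accepts a truncated one only when the supplied words cover a minimum number of bits. The bits-per-word figure, the function names and the tampered sample are assumptions made for illustration; this page does not specify the IDX encoding.

```python
import re

# Identifier quoted on this page, used as the known reference.
REFERENCE_IDX = (
    "xilop-tolyf-robyh-fodel-nakep-zibof-dafyb-helot-kimuh-"
    "cifof-nofyb-byzar-typid-tugob-zovaf-cyret-huxex"
)
# Constructed sample: same as the reference except for the fourth word.
TAMPERED_IDX = REFERENCE_IDX.replace("fodel", "fodal")

# ASSUMPTION for illustration only: the page does not state how many bits
# each word encodes, so 16 is a placeholder to adjust for the real encoding.
ASSUMED_BITS_PER_WORD = 16

_WORD = re.compile(r"[a-z]{5}")


def split_idx(idx):
    """Normalize case/whitespace and return the words, rejecting bad input."""
    words = idx.strip().lower().split("-")
    if not all(_WORD.fullmatch(w) for w in words):
        raise ValueError("not a dash-separated list of five-letter words")
    return words


def matching_prefix_words(candidate, reference):
    """Count the leading words on which candidate and reference agree."""
    count = 0
    for got, want in zip(split_idx(candidate), split_idx(reference)):
        if got != want:
            break
        count += 1
    return count


def covered_bits(words_checked, bits_per_word=ASSUMED_BITS_PER_WORD):
    """Bits of the identifier a prefix check covers under the assumption."""
    return words_checked * bits_per_word


def accept(candidate, reference, min_bits=128):
    """Accept a full or truncated IDX only if every supplied word matches
    the reference and the supplied words cover at least min_bits."""
    supplied = split_idx(candidate)
    if len(supplied) > len(split_idx(reference)):
        return False
    matched = matching_prefix_words(candidate, reference)
    return matched == len(supplied) and covered_bits(matched) >= min_bits
```

A quick visual check of the first few words suits spotting accidental mix-ups; automated checks should compare the full IDX or set `min_bits` to the strength the workflow needs.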
KeeeX's metadata format allows for the embedding of references to external ledgers.
This, in itself, already provides a way to link a file to an external source of information.
Additionally, using the file's IDX as a reference for that external ledger, it is possible to link whatever information it provides to that unique file reference.
This approach is leveraged by KeeeX, in combination with publicly auditable technology such as EVM SmartContracts, to provide a bi-directional link between a file and the ledger data.
Effectively, it is impossible to alter an IDX to point to another ledger, and it is not possible to alter the data the ledger references to be associated with another file: altering the reference to the ledger would change the IDX, and altering the ledger's content would leave a visible trace in the blockchain on which it is running.
KeeeX operates mainly on files, without altering their original properties and format.
The metadata embedded in keeexed files is made to be mostly human-readable, and provides a high level of interoperability.
When applicable, data representation (digital signatures, timestamp, etc.) uses available standards.
File fingerprinting is done using standard digest algorithms.
KeeeX does use an innovative way of combining digest algorithms to compute the file's IDX; that method is described in KeeeX Multihash.
In addition, digital signatures are made using common algorithms and standards, including but not limited to Bitcoin message signatures (based on ECDSA).
We also allow the embedding of X509 certificates as a way to support existing PKI.
In any case, the use of digital signatures is low-level, and higher layers used to manage digital identities associated with digital signatures are not covered here.
This is usually handled by existing user management solutions, relying on existing standards that do not affect the actual digital signatures.
This documentation will provide an overview of the following tools and environments that KeeeX provides:
In addition to these tools and solutions, KeeeX can also develop and provide higher-level services to ease the process of integration with existing workflows.
These services are not covered here, and are usually provided on a case-by-case basis.