[petertodd]

This article doesn't explain what those digital proofs actually prove. Or to be precise, what kind of attacks they prevent.

AFAICT, it's at least partly timestamping (you can get OpenTimestamps proofs from Woleet). Re: that, I'd suggest reading my OTS announcement blog post which starts by covering what timestamps can and can't prove: https://petertodd.org/2016/opentimestamps-announcement

tl;dr: timestamping is much more limited than people often think, because you can timestamp contradictory things.

[doctorbug]

You're right. So to give you more insight, a Woleet signature proof uses timestamping to prove that the signature was actually generated BEFORE the timestamp date.

Note that the data being signed is made of the hash of the signed file concatenated with the hash of the signer identify (an X500 identity as entered by the signature requester and accepted by the signer).

Timestamping is also used in Woleet Sign to prove that the audit trail of a signature request (ie. the list of events of the signature workflows) was generated BEFORE a given date.

[gill3s]

Hello Peter! This article presents the solution but to explain a little bit more, the general configuration for eSignature in Woleet Sign is the platform generating keys for each signer (generated randomly in each request) and then send private links by email and OTP SMS if a phone number is provided. So in the end Woleet timestamps a proof that the person controlling a specific email and a specific phone number had a specific document in his possession and agreed to sign. It's also possible to use our signature system with your own keys associated with people with verified identities (KYC), to comply with "advanced" eSignature regulation in Europe.