Stampery Blockchain Add-in for Microsoft Office

Views:  25,866

This is just one of many blockchain related projects at Microsoft.  For others, see https://azure.microsoft.com/en-us/blog/topics/blockchain/

Partner Scenario

Stampery provides the ability to certify and verify documents against both Ethereum Classic and Bitcoin blockchains via a web page and also through a programmatic API. They wanted to improve their enterprise customer reach by adding Microsoft Office as a client in their present solution.

This code story covers how we created an add-in for Microsoft Office that communicates over REST with an Azure Node.js server, which then calls the Stampery API.

Problem

Enterprise organizations keep many important records in Office, such as contracts and other legal documents. It is valuable for users to be able to certify or sign these documents, to verify they have not been altered. That is, users should be able to see that documents sent to them are signed or stamped, then verified or notarized.

Various companies sell such a certification function and store the document’s signature so that it can be verified at a later date. This approach, of course, relies on the company ensuring the privacy of the document, as well as their continued ability to validate it in the future.

An alternative to relying on a single entity (commercial, public, government, etc.) to keep such proof of identity safe is to create a hash of the document and send that hash to the publicly accessible blockchain, such as Bitcoin. Once the hash data is present on the public blockchain, the document can’t be changed without invalidating the hash. This approach guarantees both the document’s privacy and the data’s availability for future validation purposes.

Stampery provides this functionality today by creating hashes of documents submitted through the web and storing them on the Ethereum Classic and Bitcoin public blockchains. To enable this capability, Stampery provides a RESTful API that is accessible from applications.

In this project, we leveraged this secure API to create a convenient add-in to Microsoft Outlook that performs like a near-native feature to stamp/certify an email without leaving Outlook or even the specific email that you are viewing. The solution provides document certification (creation of a stamp) and verification (checking a document against a stamp) in Office using the Stampery API and the public blockchain.

Solution Overview

The manifest file in the Office add-in creates certification and verification buttons in the toolbar of Outlook documents.

outlook add-in

Certification

Pressing the certification button calls a JavaScript function in Office. This function hashes the document and sends the sha256 hash to a Node.js server as a REST call, so the document never leaves Office. The Node.js server runs as an Azure App Service and keeps a copy of the hash for later verification before calling the Stampery API with the hash. The Stampery service then takes the hash and puts it onto the public Ethereum Classic and Bitcoin blockchains.

Verification

Pressing the verification button calls the Javascript function from the certification process again, which hashes the document and sends the hash to the Node.js server as a REST call. The Node.js server then calls the Stampery API to access the original hash for the document from both blockchains. It compares the two hashes and returns a verified result if they are the same. The Microsoft Office client (either the Outlook client or the browser client) then displays a verification message to show that the document is unchanged (or not).

Architecture

solution architecture

For additional details, please refer to the GitHub repo.

Implementation

The add-in is implemented in JavaScript running in Microsoft Office and with a Node.js server. In Office, there is a manifest which allows add-ins for the document and a set of functions which provide the service. The Node.js server provides the REST service to connect to the Office functions and to communicate with the Stampery API.

Office Manifest

The Office manifest provides two add-in buttons, “Certify” and “Verify,” along with their associated comments and status information.

The certification button (stamp function) looks like:

The verification button (prove function) looks like:

Below are the associated comments:

Office Functions

The JavaScript running in Office has two functions: stamp and prove. These functions retrieve the document body (not the metadata) from Office and then hash it. This hash is then posted to the Node.js server (in the case of stamp), or the proof of the hash is requested from the server (in the case of prove).
We then compare the returned hash to the computed one; if they are the same, then a success message is displayed in Office.

The hash is:

The REST calls to the Node.js server api.js are:

Node.js Server

On a stamp, the Node.js server calls the Stampery API with the hash and adds it to the proofsDict array for verification.

On a proof, the Node.js server checks in the proofsDict array to see if the stamp is valid. In the initial implementation, an in-memory JavaScript object was used to store the hashes generated. In the future, the Stampery API is being enhanced to include secure storage of the hashes so that the in-memory object is no longer required. If the stamp is valid, it returns the following result.

Conclusions

The Microsoft Office add-in for the Stampery API and service allows users to certify and verify documents on the Ethereum Classic and Bitcoin blockchains. This method helps users employ the most appropriate, secure method to store both the document and the hash. As a result, enterprise customers who depend on Microsoft Office can now utilize blockchain technology and the Stampery service to confirm the validity of their important Office documents.

Opportunities for Reuse

This solution is reusable for all Microsoft Office products and ERP applications such as Dynamics. In a more general sense, anyone wanting to certify and verify any digital asset could reuse and build upon this knowledge, too.
The code example for Office is open source and available on GitHub.

19 comments

  1. Very interesting post and useful job!!

    I have a doubt. You say in the post: “This approach guarantees both the document’s privacy and the data’s availability for future validation purposes”
    To me, it is clear how data´s availability for future validation (hash) is guaranteed, but I do not see how you guarantee document´s privacy. At the end of the day, as far as I see, it must be the own company who ensures privacy as in other technologies.

    1. Thanks for the comment.
      You are correct, it is up to the organisation to ensure the privacy of any document they create or use.
      I should have written “guarantees both the document’s privacy outside the organisation and the data’s availability…
      Michael

  2. Why is it using Ethereum Classic instead of regular Ethereum though? It would seem to me that Classic is a slowly dying chain as its losing more and more momentum compared to the other fork.

  3. Please could you explain me how to install de Stampery add-on?
    I can’t find it in the Office Store.
    Thanks in advance!

  4. Hello Michael:

    I installed the manifest add in (.xml file) in my free Outlook account. It seems that everything is ok but the “Stampery” buttons do not appear in my toolbar… Can you help me please?

Leave a Reply

Your email address will not be published. Required fields are marked *