Advice on how to save a secure document as an NFT on the blockchain and display in a secure (private) website

Hello Forum,

I’m very interested in saving some important digital documents as an NFT on the Cardano blockchain and learning how to implement this. I’m very new to NFT’s and the inner workings of blockchain in general so I have some (probably) basic questions for this forum to help me see if what I want to accomplish can be done on Cardano. Here are my thoughts/requirements/questions:

• We create digital documents which we sign and send via email to our clients.
• We also have a locally hosted webpage where our clients can login and download these documents as well.
• I would like to use the blockchain to confirm that these documents were created at a specific date and that the data on these documents at the time or creation cannot be changed at a later date. The existence of this document on the blockchain confirms the data at that date.
• I’ve learned a little about what an NFT is so my idea was to mint each of these documents as an NFT so this important digital document if ever changed can be proven that it was changed because the minted NFT of the document would be the source of truth.

1. Is this idea possible or feasible to save documents on the blockchain as a source of truth?
2. Where do I save these minted NFT document? My thought was that each document is saved on the blockchain where it can be retrieved at any time.
3. If documents can be saved on the blockchain, I would need to have a secure (password protected) webpage like our locally hosted site whereby our clients can login and retrieve these documents when needed.
4. If documents are not saved on the blockchain do I need to mint each document as an NFT and save each minted document on our own storage for retrieval by our website?
5. How does the ownership of the NFT work? At the point the NFT is created who owns that NFT? Do we own it because we minted it? What about the rights of the NFT for our client? We did work for our client and created a digital document of our work and signed our name to that document. If we mint a document as an NFT do we need to transfer the NFT ownership of that document to our client because they paid for our service? Or do we keep the rights to the NFT document and yet allow our client access to the digital document for their use.

Any advice this forum can provide me in helping me understand if and how NFT’s can be used in creating secure digital documents and how I can distribute these NFT’s to our clients would be greatly appreciated.

Thank you.

NFTs are just a bunch of (meta-)data bound to a token. That token can be transferred from one owner to the next in blockchain transactions.

It is not established in any jurisdiction (to my knowledge) that any rights to the content are transferred together with the token. A lot of NFTs even contain a (more or often less professional) copyright notice that indicates that the creators do not want to transfer copyright to the token owner.

Most NFTs do not contain the content itself, but just a link to the content, on a website or on IPFS. There are some (https://cardanotrees.com/ or https://stellarhood.com/ for example) that put the content in data: URIs that are stored directly on the blockchain. But they make an art out of creating a very small HTML/Javascript document that is suitable for that.

Storing whole PDF documents on the blockchain would be hostile to the community, since every full node (all stake pools and also everyone running Daedalus) would have to store all your PDF documents on their hard drives forever. And it would (as far as I know) also be expensive, since fees and minimal Ada to be transferred and stored together with the NFT scale with the size of the metadata.

For your use case, it seems to not matter at all, in which wallet that token ends up. You can decide in the minting transaction if it is kept at the address that also does the minting, is sent to an address in your wallet or is sent to an address of a wallet of the client.

If you do not want the PDF to be public (as it sounds from your post), you would have to either still put it on your password-protected website and just put a link to it in the NFT or you would have to encrypt it, before putting it on IPFS. If you put it on your website, you could still modify it at will at any time. So, to proof that exactly this document was recorded on the blockchain, you would have to include a hash/fingerprint of it in the NFT metadata. For IPFS, this is not strictly necessary, since IPFS itself addresses content by its fingerprint and so is immutable by design.

I’m not aware that any jurisdiction already officially acknowledges blockchains/NFTs as a timestamp proof. But you could certainly find experts that could testify that it is technically quite certain that such an NFT transaction ensures that a document was created at a point in time before the minting transaction.

Just for the record: There are established standards for timestamping services that do not need blockchains and that need less resources than even a proof-of-stake blockchain. Cf. https://www.ietf.org/rfc/rfc3161.txt and for example https://knowledge.digicert.com/generalinformation/INFO4231.html.