How it works:
The SimpleSign webpage runs entirely client-side; that is, it does not connect to a remote server. It can be run offline, loaded from a USB drive, which reduces the risk of key leakage.
To calculate a digital signature, SimpleSign performs the following steps:
After the user selects a document, SimpleSign hashes the file using one round of SHA256 to produce the document hash. This hash is converted to a hex-encoded UTF-8 string and displayed on the webpage along with the file’s name and size.
When the user presses “Sign document,” SimpleSign uses the Bitcoin Signed Message protocol to produce a digital signature. In particular, it prepends the string “\x18Bitcoin Signed Message:\n” to the hex-encoded document hash and then generates an ECDSA signature for this message using the user-supplied private key, SHA256d as the hash function, and secp256k1 as the elliptic curve.
SimpleSign appends a byte to the resulting (r, s) signature pair to allow pubkey recovery and then encodes the resulting 65-byte sequence in base 64 (this is standard for a Bitcoin-signed message).
Finally, it prints the user’s bitcoin address followed by a comma and then the base-64 encoded signature to the text box on the page. The user can now share this signature as he or she wishes to prove that he or she has signed the document.
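The hashing steps above can be reproduced independently, which is useful when checking a signature without trusting the page that produced it. The following is an added example, not SimpleSign's own code. It assumes the document hash is rendered as lowercase hex, and it includes the one-byte message length that the standard Bitcoin signed-message format places between the prefix string and the message (0x40 for a 64-character hash). The function names are hypothetical.

```python
import base64
import hashlib

# 0x18 = 24, the length of the text "Bitcoin Signed Message:\n" that follows it
MAGIC = b"\x18Bitcoin Signed Message:\n"

def varint(n: int) -> bytes:
    """Bitcoin compact-size integer, used for the message length."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")

def document_hash_hex(data: bytes) -> str:
    """One round of SHA256 over the file (assumption: lowercase hex)."""
    return hashlib.sha256(data).hexdigest()

def preimage(message: str) -> bytes:
    """Prefix string, message length, then the message bytes."""
    msg = message.encode("utf-8")
    return MAGIC + varint(len(msg)) + msg

def signed_message_digest(message: str) -> bytes:
    """SHA256d over the preimage: the 32-byte value ECDSA signs."""
    return hashlib.sha256(hashlib.sha256(preimage(message)).digest()).digest()

def parse_output(line: str):
    """Split 'address,base64sig' and require a 65-byte signature."""
    address, sep, b64 = line.strip().partition(",")
    if not sep or not address:
        raise ValueError("expected '<address>,<base64 signature>'")
    sig = base64.b64decode(b64, validate=True)
    if len(sig) != 65:
        raise ValueError(f"signature is {len(sig)} bytes, expected 65")
    return address, sig

if __name__ == "__main__":
    doc = b"constructed sample document\n"  # constructed input, not a real file
    h = document_hash_hex(doc)
    print("document hash:", h)
    print("digest signed:", signed_message_digest(h).hex())
```

Because the signed message is the hex string rather than the raw hash bytes, a verifier must feed in exactly the same characters: a hash in different letter case or with trailing whitespace yields a different digest and the signature will not verify.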
Now, use this document hash as the “message” and verify the signature and address found in Step 2 at brainwallet.org. For example, see here.
The verification should be successful, meaning that we have cryptographic proof that the private key used in Step 2 has indeed signed the Satoshi white paper. If the corresponding bitcoin address (1Jc7TiqM1U7SFwc7GvCXmf6WfgLkDiiAZ2) was known to belong to S. Nakamoto, we would be reasonably sure that S. Nakamoto had signed this exact version of the document.