Quote Originally Posted by Daniel View Post
I've had too many third party services close down, rename themselves, or re-engineer how they work to trust any long-term anymore.

I'd suggest going along with Acorn's suggestion of using PGP, but rather than encrypting anything, just use it as a free, quick, easy, and long-term reliable method of signing files.

You then just need to prove that you created the PGP signature when you say you did (ie, and that you've not just set your PC's clock back in time) - so publish the PGP signing output (which is just a few lines of text) onto a page on your website, make a copy with Archive.is and paste the signature on Pastebin . Make sure your site is indexed by the Internet Archive and by keeping a note of the Pastebin/Archive.is URLs, you'll have timestamped, uneditable copies of the PGP signature - therefore publcily verifyable proof you signed the file that you claim you did, and when.

You needn't put the files online publicly, just the signature for each file.
Thank you Daniel that is an elegant approach.

Acorn