What a receipt is, technically.
A receipt is a small, self-contained record containing:
- The SHA-256 hash of the original file (32 bytes; a one-way digest, preimage-resistant).
- An ECDSA P-256 signature over a canonical JSON envelope of { id, original_hash, signed_at, signer_kid }, using a key whose public part is published at
/.well-known/receipts-pubkey.pem. - An OpenTimestamps proof: the hash is committed to an independent decentralized timestamping network, so the existed-at-or-before time is anchored externally and cannot be backdated.
- Optionally, a second hash for the QR-stamped composite (so the file the user shares is also covered) and an optional plain-text note + source URL the user supplied.
Three independent verification pathways exist: (a) by hash, against our database; (b) by ECDSA signature, against our published public key, offline with openssl; (c) by OpenTimestamps anchor, against the timestamp network, with no involvement from receipts.you at all. The third matters most for evidentiary use: this proof would still verify if receipts.you's entire infrastructure disappeared tomorrow.