Hash-bound, verifiable digital objects.
InkSeal is an open, versioned standard for hash-bound digital objects and portable proof packages. It defines how digital artifacts can be identified, described, packaged, and later verified through a canonical content hash, a manifest, and optional timestamp evidence.
This repository is the canonical public source of InkSeal Standard v1.0. It publishes the normative baseline, the public claim and scope statement, the license and mark boundary, and the frozen version history.
Scope boundary
InkSeal v1.0 defines a public, versioned standard for content identity, manifest binding, portable proof packaging, and optional timestamp evidence.
InkSeal by itself does not automatically guarantee legal qualification, jurisdiction-specific compliance, authorship, or regulatory status. Those outcomes depend on the evidence profile, the external trust components used, and the legal context in which the package is evaluated.
What InkSeal defines
Content identity
Canonical SHA-256 hashing binds the package to the exact subject object bytes.
Portable packaging
A .proof container carries the manifest and related evidence in a portable structure.
Later verification
The package can be independently inspected and evaluated without vendor lock-in.
What InkSeal proves
- proof of content identity through canonical hashing
- proof of package integrity through manifest binding
- proof that timestamp evidence is included in the package, when present
- a portable structure for later independent verification
What InkSeal does not prove by itself
- authorship
- legal qualification
- jurisdiction-specific compliance
- the trust status of an external timestamp service
- that a third party has independently validated a package
Proof layers
Layer 1 — Content identity
Canonical SHA-256 hashing binds the package to the underlying content.
Layer 2 — Portable proof package
The .proof container carries the manifest and related evidence in a portable structure.
Layer 3 — Timestamp evidence
External timestamp evidence may be included where available.
Layer 4 — Independent verification
Third parties can inspect the package structure and evaluate the embedded evidence.
Layer 5 — Optional compliance profiles
Jurisdiction-specific or regulated use cases require additional profiles, trust services, and validation rules beyond the base standard.
Verification and interpretation
Public verifier
Use the browser-based verifier to validate package structure, parse manifest.json,
recompute the SHA-256 digest of the subject object, and check whether referenced evidence files are present.
Verification model
The public verification logic for InkSeal v1.0 is documented separately so that the base-format checks remain stable, inspectable, and distinct from higher-layer trust or compliance interpretation.
Proof boundary
InkSeal proves content binding and package structure first. Legal, regulatory, authorship, and trust conclusions require additional profiles, trust components, and evaluation context beyond the base standard.
What this repository is for
- canonical standard text
- public origin and claim statement
- frozen version baseline
- license and mark boundaries
- stable citeable reference point
InkSeal v1.0 is broader than a narrow legal-proof workflow. A timestamp can matter, but the base standard is equally about identity, portability, referencability, packaging discipline, and later verification.
Canonical package concept
example.proof
├── manifest.json
├── tsr.bin (optional)
└── timestamp.ots (optional)Frozen baseline
Current public baseline: InkSeal Standard v1.0
v1.0 should be treated as a frozen baseline. Future revisions must be versioned explicitly and must not silently redefine the meaning of v1.0.