Verification

How to verify a record

Every claim below is checked with open, generic tools — a Python interpreter and the ots command — against math and the Bitcoin blockchain. None of it requires this site, or its operator, to still exist.

What a record claims

Each registration claims exactly three things:

  1. A card with a given serial was registered at a given timestamp (UTC, millisecond precision).
  2. If a note was attached and marked public, it's included verbatim. Otherwise only its SHA-256 hash is — enough to confirm a note you already know, never enough to recover an unknown one.
  3. A leaf hash, a fixed function of (serial, timestamp, note), is included in a Merkle tree whose root is timestamped on the Bitcoin blockchain via OpenTimestamps.

Nothing here proves who registered a card — only that a registration with these exact contents existed no later than the confirmed Bitcoin block time.

Verify a specific card

Look up a card's serial at /verify/<serial> to see its actual leaf hash, Merkle path, and anchor status inline, with copy-pasteable commands substituted with real values.

Recompute a leaf hash

python3 -c "
import hashlib
serial = 'TR-0000'                          # from the record
registered_at = '2026-07-13T05:20:00.000Z'  # from the record
note = ''                                   # the note, or '' if private/absent
inner = hashlib.sha256(note.encode()).digest()
print(hashlib.sha256(serial.encode() + registered_at.encode() + inner).hexdigest())
"

Verify a Merkle path

import hashlib

def verify_merkle_path(leaf_hex, path, root_hex):
    h = bytes.fromhex(leaf_hex)
    for step in path:
        sib = bytes.fromhex(step["hash"])
        h = hashlib.sha256(sib + h).digest() if step["side"] == "left" \
            else hashlib.sha256(h + sib).digest()
    return h.hex() == root_hex

Verify the Bitcoin anchor

pip install opentimestamps-client
ots verify root.bin.ots -f root.bin

Verify the signed dump

/api/log serves every record as a single JSON dump, signed with an Ed25519 key (/api/log/pubkey). Any standard Ed25519 implementation — cryptography, PyNaCl, minisign, age, OpenSSL 3.0+ — verifies the same signature.

What the operator can't forge

Once an anchor is Bitcoin-confirmed, no one — including us — can back-date it, alter its contents undetectably, or present a differently-signed dump without it being obvious. What we can do: delay anchoring, or fail to keep a record online. That's why the signed dump exists — mirror it anywhere you like, and it stays verifiable without us.