Documentation Index
Fetch the complete documentation index at: https://docs.deepidv.com/llms.txt
Use this file to discover all available pages before exploring further.
When you land on proof.deepidv.com/a/{id}, you’re looking at the full proof of one specific verification.
Reading the six-step pipeline
Each step has a status badge:- Verified — the check passed. The cryptographic signature, the timestamp, the inclusion proof, the anchor all check out.
- Skipped — applies only to TSA token verification in the SDK
verifyBundle()path, because the SDKs do not ship X.509 chain validation in v1. The explorer always verifies all six steps; only the offline-SDK path skips TSA. - Failed — should never happen for a legitimate attestation. If you see it, something has been tampered with.
What each step means
Envelope hash
SHA-256 of the canonicalized (JCS, RFC 8785) envelope JSON. Anchors the rest of the chain — every signature below is over this hash.
Issuer signature
ECDSA P-256 signature by the issuer’s KMS-held private key over the envelope hash. Verified against the issuer’s public key, which is in the bundle and on the issuer profile page.
Dual RFC 3161 timestamps
Independent timestamp tokens from DigiCert and Sectigo, each binding the envelope hash to a specific moment in time. Either alone is sufficient evidence; both together are belt-and-suspenders.
Merkle inclusion
The audit path from this envelope’s leaf to the segment’s STH root. Verifies the envelope is actually in the log — not just claimed to be.
Master STH signature
ECDSA P-256 signature by the chain-master key over the STH (root + tree size + timestamp). Verified against
master.pem published on the log page.Label commitments
Each envelope carries a list of labels — structured metadata like country, tier, document type, KYC level. In the bundle and on the detail page, you see:| name | value | status |
|---|---|---|
| country | CA | Revealed |
| tier | [committed but not revealed] | Committed |