Abstract
This disclosure describes two cryptographic constructions complementary to the architecture previously published by the present inventor on Technical Disclosure Commons (TDCommons publication 10079, 12 May 2026). The first construction is a self-verifying single-file document scheme in which a document embeds the SHA-256 hash of its own canonicalized form within a reserved placeholder zone, allowing the document to verify its own integrity at load time, in any standards-compliant browser, without any external trust anchor, certificate authority, server, or registry. The verification fails closed: on mismatch, the document irreversibly disables its decryption controls and exposes a tamper warning to the recipient. The second construction is a dual-passphrase key architecture that strictly separates the issuer's long-term local secret (used to encrypt the local vault and unlock the ECDSA signing key) from a per-export recipient passphrase (automatically generated, derived through Argon2id (RFC 9106) with 96 MiB memory and four iterations, used to encrypt the identity payload of one specific exported document). The two secrets occupy distinct cryptographic domains: compromise of the per-export passphrase grants access only to that one document and never to the issuer's vault, signing key, or other previously issued documents. The architecture supports the single-file self-contained HTML distribution model previously disclosed, blockchain timestamping for proof of existence, and the IPFS content-addressable deployment model. This disclosure is published as defensive prior art under the Creative Commons Attribution 4.0 license.
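The self-hash check described in the abstract, as an added example that is not code from the disclosure or its author. The zone markers, the zero-filler canonicalization and the function names are assumptions, and Node's `crypto` module stands in for the browser's `crypto.subtle.digest` so the sketch runs offline.

```javascript
// Added illustration: marker strings and the zero-filler canonicalization are
// assumptions made for this sketch, not details taken from the disclosure.
const crypto = require('node:crypto');

const OPEN = '<!--SELF-HASH:';      // hypothetical start of the reserved zone
const CLOSE = '-->';                // hypothetical end of the reserved zone
const FILLER = '0'.repeat(64);      // fixed value hashed in place of the digest

const sha256Hex = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Split the document around its single reserved zone; null if absent or duplicated.
function splitZone(doc) {
  const start = doc.indexOf(OPEN);
  if (start < 0 || doc.indexOf(OPEN, start + 1) >= 0) return null;
  const valueStart = start + OPEN.length;
  const end = doc.indexOf(CLOSE, valueStart);
  if (end < 0) return null;
  return { head: doc.slice(0, valueStart), value: doc.slice(valueStart, end), tail: doc.slice(end) };
}

// Canonical form: the document with the zone content replaced by the filler.
const canonicalHash = (z) => sha256Hex(z.head + FILLER + z.tail);

// Issuer side: compute the hash of the canonical form and write it into the zone.
function seal(template) {
  const z = splitZone(template);
  if (!z) throw new Error('template needs exactly one reserved zone');
  return z.head + canonicalHash(z) + z.tail;
}

// Recipient side: recompute and compare. Any failure leaves decryption disabled,
// and the frozen result cannot be flipped back afterwards (fail closed).
function verify(doc) {
  const z = splitZone(doc);
  const intact = z !== null && /^[0-9a-f]{64}$/.test(z.value) && z.value === canonicalHash(z);
  return Object.freeze({
    intact,
    decryptEnabled: intact,
    warning: intact ? null : 'Integrity check failed: document was modified',
  });
}

// Constructed sample document (not from the disclosure).
const TEMPLATE = `<html><body><p>Issued to: Alice</p>${OPEN}${FILLER}${CLOSE}</body></html>`;
const SEALED = seal(TEMPLATE);
const TAMPERED = SEALED.replace('Alice', 'Mallory');
console.log(verify(SEALED).decryptEnabled, verify(TAMPERED).decryptEnabled); // true false
```

Because anyone can recompute an unkeyed hash, this check on its own shows that the content and the embedded value agree, not who produced them.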
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Benaudis, Michael, "Self-Verifying Single-File Cryptographic Documents with Dual-Passphrase Architecture for Offline Recipient-Mediated Access Control", Technical Disclosure Commons, ()
https://www.tdcommons.org/dpubs_series/10167