Proof Envelope
Read the spec
Open specification · v1.0

Portable Cryptographic Proof.

Proof Envelope is an open specification for packaging, signing, and verifying cryptographic assertions across software, identity, licensing, and compliance.

Read the Specification →Explore Examples
· Offline verifiable· Vendor neutral· Apache-2.0
envelope · v1.0 · signed
sha256:9f4a…c2e1
PE
Proof Envelope
issuer: did:web:sigil.dev
  • ├─License Statement
    type: license
  • ├─Provenance Statement
    type: slsa.provenance
  • ├─SBOM Statement
    type: sbom.cyclonedx
  • ├─Identity Statement
    type: identity
  • ├─Custom Statements
    type: your.domain.*
signatureverified · ed25519
Why Proof Envelope

Trust infrastructure, designed to travel.

01
Portable

Move proofs between systems without relying on a central server.

02
Verifiable

Verify assertions cryptographically and offline.

03
Extensible

Define custom statement types for any domain.

04
Composable

Bundle multiple independent proofs into a single envelope.

How it works

From issuer to offline verifier in six steps.

Every envelope is a self-contained artifact. No phone-home, no vendor dependency — the verifier holds everything it needs.

  1. 01
    Issuer

    An authority with signing keys.

  2. 02
    Creates Statements

    Typed assertions about a subject.

  3. 03
    Packages Envelope

    One or more statements bundled together.

  4. 04
    Signs Envelope

    Detached signature over the canonical payload.

  5. 05
    Distributes Artifact

    Ship with the build, embed, or hand off.

  6. 06verified
    Verifier Validates Offline

    No network, no central server.

Supported use cases

One envelope. Many domains of trust.

use case
Software Licensing

Per-seat, per-tier, per-feature entitlements verifiable in your runtime.

use case
Supply Chain Security

Sign and ship attestations alongside every build artifact.

use case
SBOM Distribution

Package CycloneDX or SPDX SBOMs as signed, portable evidence.

use case
Build Provenance

Carry SLSA provenance with the artifact, not in a remote ledger.

use case
Identity Verification

Issue and present verifiable identity assertions, offline.

use case
Compliance Reporting

Auditor-checkable claims with cryptographic guarantees.

use case
Digital Ownership

Transferable, signed proofs of ownership and entitlement.

use case
Enterprise Integrations

A neutral envelope format every internal system can speak.

Specification overview

Five primitives. Nothing magical underneath.

Proof Envelope keeps the surface area small on purpose. The whole model fits on a napkin — and that's the point.

Envelope
A portable container for cryptographic statements.
Statement
A verifiable assertion about something.
Proof
Cryptographic evidence supporting a statement.
Verifier
Software that validates proofs.
Registry
An optional mechanism for discovering statement and verifier types.
Example

A signed envelope, in plain JSON.

Statements are typed payloads. The envelope wraps them, the signature seals them, the verifier checks them — anywhere.

envelope.json
{
  "envelopeVersion": "1.0",
  "id": "urn:pe:9f4a…c2e1",
  "issuer": "did:web:sigil.dev",
  "issuedAt": "2026-05-31T12:00:00Z",
  "statements": [
    {
      "type": "license",
      "subject": "elsa-enterprise",
      "issuer": "sigil"
    }
  ],
  "signature": {
    "alg": "ed25519",
    "value": "MEUCIQD…"
  }
}
verify.ts
import { verify } from "@proofenvelope/verify";

// load the envelope from disk, wire, or vault
const envelope = await fetch(".pe/envelope.json")
  .then(r => r.json());

// fully offline — no network, no central server
const result = verify(envelope, {
  trust: ["did:web:sigil.dev"],
});

if (result.valid) {
  for (const s of result.statements) {
    unlock(s);
  }
}
Roadmap

Shipping in the open.

Shipped
  • Envelope Format
  • Statement Model
  • Offline Verification
  • .NET SDK
Upcoming
  • Reference Verifier
  • Additional SDKs (TypeScript, Rust, Go)
  • Registry Specification
  • Community Statement Types
Open ecosystem

Designed as an open specification that anyone can implement.

Proof Envelope is governed in the open, MIT/Apache licensed, and built to outlive any single vendor — including the one stewarding it.

View SpecificationGitHub Repository →