Portable Cryptographic Proof, v1.0
This document specifies the format, semantics, and verification rules for a Proof Envelope — a signed container of one or more verifiable statements.
Abstract
A Proof Envelope is a signed, portable artifact that carries one or more typed Statements. It is designed to travel with software, identity, license, and compliance artifacts; to be verified offline; and to compose across domains without coordination between issuers.
1 · Envelope
An envelope is a JSON object containing an envelopeVersion, an issuer identifier, a non-empty list of statements, and a detached signature.
{
  "envelopeVersion": "1.0",
  "id": "urn:pe:<ulid>",
  "issuer": "<DID or URI>",
  "issuedAt": "<RFC3339>",
  "statements": [ /* >= 1 Statement */ ],
  "signature": { "alg", "value", "kid?" }
}
2 · Statement
A statement is a typed assertion about a subject. Statement types are namespaced strings; implementations MUST ignore statement types they do not recognize, but MUST still verify the envelope signature.
{
  "type": "license",
  "subject": "elsa-enterprise",
  "issuer": "sigil",
  "claims": { "tier": "pro", "seats": 5 }
}
3 · Proof
The envelope signature is a detached cryptographic proof over the canonical JSON serialization of the envelope with signature.value elided. Implementations MUST support ed25519; SHOULD support ecdsa-p256.
4 · Verification
A verifier MUST: (a) canonicalize the envelope; (b) resolve the issuer's verification key; (c) check the signature; (d) check issuedAt and any statement-level expiry; (e) surface verified statements only.
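Steps (a) through (e) as a Go sketch, added here as an example; it is not part of the specification or of any reference implementation. Assumptions the page does not fix: canonical JSON is taken to be Go's json.Marshal of a map (sorted keys, no whitespace), signature.value is base64, issuer keys come from a locally provisioned map, and statement-level expiry is omitted because no field for it is named here.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// detach elides signature.value; assumed: json.Marshal of a map is canonical, value is base64.
func detach(env map[string]any) (msg []byte, alg, value string) {
	sig, _ := env["signature"].(map[string]any)
	alg, _ = sig["alg"].(string)
	value, _ = sig["value"].(string)
	delete(sig, "value")
	msg, _ = json.Marshal(env) // sorted keys, no whitespace
	return
}

// Verify runs steps (a)-(e); statements are returned only if every check passes.
func Verify(raw []byte, keys map[string]ed25519.PublicKey, now time.Time) ([]any, error) {
	var env map[string]any
	if err := json.Unmarshal(raw, &env); err != nil {
		return nil, err
	}
	msg, alg, value := detach(env) // (a)
	sig, err := base64.StdEncoding.DecodeString(value)
	issuer, _ := env["issuer"].(string)
	key, known := keys[issuer] // (b) assumed: keys are provisioned locally
	if alg != "ed25519" || !known || err != nil || !ed25519.Verify(key, msg, sig) { // (c)
		return nil, errors.New("signature check failed")
	}
	if t, err := time.Parse(time.RFC3339, fmt.Sprint(env["issuedAt"])); err != nil || t.After(now) { // (d)
		return nil, errors.New("issuedAt invalid or in the future")
	}
	stmts, _ := env["statements"].([]any)
	return stmts, nil // (e)
}

func main() { // constructed key and envelope
	pub, priv, _ := ed25519.GenerateKey(nil)
	env := map[string]any{"issuer": "did:example:a", "issuedAt": "2024-01-01T00:00:00Z",
		"statements": []any{map[string]any{"type": "license"}}, "signature": map[string]any{"alg": "ed25519"}}
	msg, _, _ := detach(env)
	env["signature"].(map[string]any)["value"] = base64.StdEncoding.EncodeToString(ed25519.Sign(priv, msg))
	raw, _ := json.Marshal(env)
	fmt.Println(Verify(raw, map[string]ed25519.PublicKey{"did:example:a": pub}, time.Now()))
}
```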
5 · Registry (optional)
Implementations MAY consult a registry to discover statement schemas and verifier modules. A registry is a content-addressed index; nothing in this specification requires its use, and envelopes MUST remain verifiable without one.