Signed payloads for invoices and payment instructions.
Project page: https://monkeytime.github.io/doctrust/
DocTrust is a small open standard draft for embedding machine-verifiable proof into documents and QR codes. It aims to help software detect tampering of critical fields such as IBAN, beneficiary name, amount, and payment reference before a transfer is approved.
Email and PDF workflows are easy to imitate. DocTrust adds a signed payload and a trust registry so verification software can check:
- who issued the document,
- whether the payload changed,
- whether the issuer key is trusted,
- whether the payment details match the expected transaction.
- signed JSON payloads
- QR transport with a compact
dtp1z.envelope - local trust registry lookup
- reference SDKs in JavaScript, Python, and .NET
- minimal invoice and payment profiles
- a replacement for legal identity verification
- a general anti-phishing cure
- proof that an issuer is honest
spec/- protocol and format specificationgovernance/- trust registry governance and operating modelschemas/- machine-readable schemasconformance/- versioned conformance vectorsexamples/- payload and registry examplessdk-js/- JavaScript reference SDKsdk-python/- Python reference SDKsdk-dotnet/- .NET reference SDKSECURITY.md- vulnerability disclosure policy
- Read the protocol in
spec/v1.md. - Inspect the sample payload in
examples/invoice.json. - Run the reference SDK tests in each language folder.
This repository is early-stage but executable. The current focus is to tighten the specification, keep the SDKs aligned, and add conformance tests and integration examples.