
OpenProof

Proof without surrender.

OpenProof is an open-source, privacy-first cryptographic proof-of-existence infrastructure tool. It registers a SHA-256 fingerprint of a file on the Base Sepolia blockchain. The file itself never leaves your browser. There are no uploads, no accounts, and no backend.

Architecture

OpenProof has two layers. The browser handles all file operations. The blockchain is the only persistent state. No layer in between stores, relays, or processes file bytes.

Your browser

  • File API: read file bytes
  • Web Crypto API: SHA-256 hash
  • Your wallet: sign & submit tx

Base Sepolia

  • OpenProofRegistry: registerProof(bytes32)
  • Proof stored: creator + timestamp (immutable)

Only bytes32 hashes cross the network boundary.

The frontend is a static export. It can be self-hosted, served from any HTTP server, or run offline. The contract is immutable — no upgrade, no admin keys, no fees.

How proof works

  1. Select a file

    You pick any file from your device. OpenProof reads the bytes using the browser File API. Nothing is uploaded.

  2. Hash locally

    Your browser computes a SHA-256 fingerprint using the native Web Crypto API. The original file never touches the network.

  3. Review and connect

    You review the hash. If it looks correct, you connect your wallet (RainbowKit, MetaMask, WalletConnect, or any wagmi-compatible wallet).

  4. Register onchain

    Your wallet signs and submits a transaction to the OpenProofRegistry contract on Base Sepolia. Only the 32-byte hash is recorded — never the file.

  5. Download receipt

    A JSON receipt is generated locally with the hash, timestamp, wallet address, and transaction metadata. It auto-downloads to your device.

  6. Verify anytime

    Anyone can re-hash the file and check the proof page, import the receipt, or query the contract directly through a block explorer.

What OpenProof can prove

OpenProof makes narrow, verifiable claims. Every claim below can be independently checked by anyone using only the onchain record and standard tools.

  • A specific SHA-256 fingerprint existed in the registry at a recorded block time.
  • A specific wallet address submitted that fingerprint for registration.
  • A later file produces the same hash as a registered fingerprint (file is unchanged).
  • A bundle of files produces the same combined hash (all files match the original set).

What OpenProof cannot prove

These limitations are by design. OpenProof is a proof-of-existence tool, not a legal, ownership, or compliance system. It does not overclaim.

  • Who created the file.
  • Who owns the file.
  • That the file contents are true, accurate, or correct.
  • Legal validity, notarization, or compliance with any regulation.
  • Authorship, copyright, or intellectual property rights.
  • Lawful possession or right to possess the file.
  • That the file hasn't been tampered with before hashing.
  • Recovery of the original file if it is lost.

Threat model

OpenProof minimizes trust by design. Here is exactly what you should and should not trust.

Must trust

Smart contract. The deployed bytecode matches the open-source source code at a known commit. Verify on BaseScan.

Your wallet. Your private keys are securely managed. OpenProof never touches your keys.

Blockchain consensus. Base Sepolia correctly executes the contract and finalizes state.

No trust required

Frontend. Every operation — hashing, verification, receipt construction — can be replaced by standard tools. Use sha256sum and a block explorer independently.

Hosting provider. The app is a static export. Self-host or verify the build digest.

RPC provider. Cross-verify with multiple RPC endpoints or run your own node.

Receipt JSON. A receipt alone is never sufficient. Always verify against the onchain record.
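
Steps 2 and 6 of the procedure and the "Frontend" and "Receipt JSON" entries above can be exercised without the OpenProof frontend. The following is an added example, not OpenProof's own code: it re-hashes file bytes with Web Crypto, renders the digest as a 0x-prefixed bytes32 hex string, and treats the receipt as untrusted input. The receipt field name `hash` is an assumption (the receipt schema is not given on this page), and the sample bytes and receipt are constructed.

```javascript
// Added example; not part of OpenProof. Runs in a browser console or Node.js.

// SHA-256 via Web Crypto, rendered as the 0x-prefixed 32-byte hex string
// that a bytes32 value such as the registerProof(bytes32) argument uses.
async function fingerprint(bytes) {
  const subtle = globalThis.crypto?.subtle ??
    (await import('node:crypto')).webcrypto.subtle; // older Node.js fallback
  const digest = await subtle.digest('SHA-256', bytes);
  return '0x' + Array.from(new Uint8Array(digest),
    (b) => b.toString(16).padStart(2, '0')).join('');
}

// Accept only a well-formed bytes32 hex string; lower-case it for comparison.
function normalizeBytes32(value) {
  if (typeof value !== 'string' || !/^0x[0-9a-fA-F]{64}$/.test(value)) {
    throw new TypeError('expected a 0x-prefixed 32-byte hex string');
  }
  return value.toLowerCase();
}

// Compare re-hashed file bytes with the hash a receipt claims.
// hashField is an assumed field name; adjust it to the real receipt schema.
// A match only confirms that receipt and file agree: fileHash is the value
// that still has to be looked up in the onchain registry.
async function checkAgainstReceipt(fileBytes, receiptJson, hashField = 'hash') {
  const receipt = JSON.parse(receiptJson);
  const receiptHash = normalizeBytes32(receipt[hashField]);
  const fileHash = await fingerprint(fileBytes);
  return { fileHash, receiptHash, matchesReceipt: fileHash === receiptHash };
}

// Constructed sample: the three bytes "abc" and a receipt claiming their hash.
const SAMPLE_RECEIPT = JSON.stringify({
  hash: '0xba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad',
});
checkAgainstReceipt(new TextEncoder().encode('abc'), SAMPLE_RECEIPT)
  .then((result) => console.log(result));
```

A malformed or truncated hash in the receipt is rejected before any comparison, so a damaged receipt cannot produce a false match.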

Known risks

  • Public hashes can leak information for known, small, or guessable files.
  • A malicious frontend deployment could lie about what it hashes or submits.
  • Browser local storage can be cleared, corrupted, or inspected by anyone with device access.
  • RPC providers can rate-limit or return inaccurate data on the read path.
  • Testnet proofs are not production legal or compliance instruments.
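
The first risk in this list, shown as an added example (not OpenProof code): when the plausible contents of a file can be enumerated, the public fingerprint identifies which one was registered. The candidate strings and the "decision" file are constructed for illustration.

```javascript
// Added example; not part of OpenProof. Runs in a browser console or Node.js.

// SHA-256 via Web Crypto as a 0x-prefixed hex string.
async function sha256Hex(bytes) {
  const subtle = globalThis.crypto?.subtle ??
    (await import('node:crypto')).webcrypto.subtle; // older Node.js fallback
  const digest = await subtle.digest('SHA-256', bytes);
  return '0x' + Array.from(new Uint8Array(digest),
    (b) => b.toString(16).padStart(2, '0')).join('');
}

// Hash each candidate content and return those equal to a public fingerprint.
// The work is one hash per candidate, so a small candidate set gives the
// registered hash no confidentiality at all.
async function matchingCandidates(publicHash, candidates) {
  const encoder = new TextEncoder();
  const target = publicHash.toLowerCase();
  const hits = [];
  for (const text of candidates) {
    if ((await sha256Hex(encoder.encode(text))) === target) hits.push(text);
  }
  return hits;
}

// Constructed scenario: a one-line file with only three plausible contents.
const CANDIDATES = [
  'decision: approve\n',
  'decision: reject\n',
  'decision: abstain\n',
];

// Registers (here: just hashes) one of the candidates, then checks whether
// the fingerprint alone reveals which one it was.
async function demo() {
  const registered = await sha256Hex(
    new TextEncoder().encode('decision: reject\n'));
  return matchingCandidates(registered, CANDIDATES);
}

demo().then((hits) => console.log('contents revealed by hash:', hits));
```

Matching is byte-exact, so the same text without its trailing newline produces no hit; what matters is how many distinct byte sequences the file could plausibly be.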

See the full trust model for detailed analysis of trust boundaries, deterministic guarantees, and governance rules.

Our philosophy

Privacy-first by design

Files are hashed locally in your browser using the Web Crypto API. The original content never touches a network request. Only the resulting 32-byte hash may be submitted to the blockchain if you choose to register a proof.

No accounts. No tracking. No analytics.

OpenProof has no user accounts, no profiles, no registration, no analytics scripts, no tracking pixels, and no cookies for advertising. There is no backend to store or process user data. Proof history lives only in your browser's local storage.

Open source and auditable

Every line of code is public under the AGPL-3.0 license. The smart contract, the receipt specification, the frontend, and all documentation are open for anyone to inspect, fork, or self-host. There are no secrets, no proprietary algorithms, and no hidden telemetry.

Minimal and permanent

The smart contract does one thing: register a bytes32 hash with a wallet address and a timestamp. It cannot be upgraded, paused, or deleted. There are no fees, no owners, and no administrative keys. What is written onchain stays onchain.

Registry transparency

The OpenProofRegistry contract is the root of trust for every proof. All values below are public and independently verifiable.

Network: Base Sepolia
Chain ID: 84532
License: AGPL-3.0-only

AGPL-3.0 · v0.1.4 · Built by Sparsh Sam