Verify RKVST SCITT Receipts

Proof of Posting Receipts for SCITT

What are receipts?

Having a receipt for an RKVST Event allows you to prove that you recorded the Event on the RKVST Blockchain, independent of RKVST.

Receipts can be retrieved for Simple Hash Events once they have been confirmed and anchored.

Receipts can be retrieved for Khipu Events once they have been confirmed.

A user may get a receipt for any Event they have recorded on the system. You must be an Administrator for your Tenancy to retrieve receipts for any Event within the Tenancy, including those shared by other organizations.

Receipts for Public Events can be obtained by any authenticated API request.

Note: Receipts are currently an API-only feature. In order to obtain a receipt, you will need an App Registration.

What is in a receipt?

The Receipts API is provided as an integration with emerging standards driven by Supply Chain Integrity, Transparency, and Trust (SCITT).

Regardless of how the standards evolve, any receipt you obtain today will remain valid proof of posting for the Event.

Warning: The complete contents of the Event are present in the receipt in clear text. If the Event information is sensitive, the receipt should be regarded as sensitive material as well.

The /archivist/v1/notary/claims/events API creates a SCITT claim for an RKVST event.

In the SCITT model, this claim is then presented to a transparency service to obtain a receipt. When you present a claim to the /archivist/v1/notary/receipts API to obtain your receipt, RKVST is acting as the transparency service and returns a (draft) standards-compatible receipt proving that you recorded your Event on the RKVST Blockchain.

How do I retrieve and verify a receipt?

Once retrieved, receipts are fully verifiable offline and without calls to the RKVST system using independent OSS tooling.

However, for your convenience RKVST provides a Python script that can be used to retrieve and verify a receipt. For full details, please visit our Python documentation.

Receipts can also be retrieved offline using curl commands. To get started, make sure you have an Access Token, Event ID, and jq installed.

First, save the identity of an event in EVENT_IDENTITY.

  1. Get the transaction_id from the Event.
        -X GET -H "Authorization: Bearer ${TOKEN}" \${EVENT_IDENTITY} \
        | jq -r .transaction_id)
The transaction_id is available once the event has been committed to the blockchain. For assets using the Simple Hash proof_mechansim it is available once the event is included in an anchor. For Khipu, it is available when the event is confirmed.
  1. Get a claim for the Event identity.
CLAIM=$(curl -s -d "{\"transaction_id\":\"${EVENT_TRANSACTION_ID}\"}" \
        -X POST -H "Authorization: Bearer ${TOKEN}" \ \
        | jq -r .claim)
  1. Next, get the corresponding receipt for the claim.
RECEIPT=$(curl -s -d "{\"claim\":\"${CLAIM}\"}" \
        -X POST -H "Authorization: Bearer ${TOKEN}" \ \
        | jq -r .receipt)
  1. Get the block details.

Get the block number using:

echo ${RECEIPT} | base64 -d | less

Look for the first "block":"<HEX-BLOCK-NUMBER>" in the decoded output and set the value in the environment, for example: BLOCK="0x1234".

Next, get the appropriate state root field from the block details. To verify a Simple Hash receipt get the stateRoot:

WORLDROOT=$(curl -s -X GET -H "Authorization: Bearer ${TOKEN}" \
  "${BLOCK}" \
            | jq -r .stateRoot)

To verify a khipu receipt get the privateStateRoot field:

WORLDROOT=$(curl -s -X GET -H "Authorization: Bearer ${TOKEN}" \
  "${BLOCK}" \
            | jq -r .privateStateRoot)
  1. Finally, use the rkvst_receipt_scittv1 command to verify the receipt offline at any time.
echo ${RECEIPT} | rkvst_receipt_scittv1 verify -d --worldroot ${WORLDROOT}

Edit this page on GitHub