me·ochk·io
sign in
live · mainnetme · ochk · io
federation-custodied · self-custody-ready
§ verify

envelope oc-me-543210fe

a public, content-addressed record of one billable event on me.ochk.io. signed by the integrating site, co-signed by OC, anchored to a bitcoin block via OpenTimestamps, republished to four nostr relays. this page is the rendered version; the envelope itself is below.

class C · session

session opened at Breez

breez.example · Wed, 29 Apr 2026 18:34:51 GMT

site paid
80sats
$0.08
oc platform fee
16sats
$0.02
user earned
+56sats
$0.05
§ live verifier · oc-me-543210fe
  • 01 · fetch canonical envelope
    idle
  • 02 · compute sha-256 of canonicalized json
    idle
  • 03 · fetch OC public JWK from ochk.io/.well-known/jwks.json
    idle
  • 04 · verify Ed25519 signature
    idle

> every byte you see here is on your machine. the JWK is fetched live from ochk.io/.well-known/jwks.json, the hash is computed by @noble/hashes in your browser, and the Ed25519 signature is verified by @noble/curves — no OC server is in the verification path.

> v1 demo envelopes carry placeholder signatures because the federation signing service is still being ratified. step 04 will report signature does not match on these — that's expected. once production envelopes land, the same verification trace runs against real Ed25519 sigs and reports signature valid with no code change.

§ envelope · raw json
{
  "v": 1,
  "kind": "oc-me-event",
  "id": "oc-me-543210fe",
  "class": "C",
  "subtype": "session_creation",
  "identity": "bc1q3rd2n9c8e5h7w4xkpvluvkz4qzeurgmvy3le3lr",
  "site": "breez.example",
  "gross_fee_sats": 80,
  "platform_fee_sats": 16,
  "user_earned_sats": 56,
  "occurred_at": "2026-04-29T18:34:51.063Z",
  "context": {
    "kind": "C",
    "subtype": "session_creation",
    "session_duration_seconds": 604800,
    "session_policy_label": "7-day session"
  }
}
§ verify this yourself
# verify this envelope yourself, offline.

# 1. fetch the canonicalized envelope
curl -s https://me.ochk.io/api/envelope/oc-me-543210fe > envelope.json

# 2. fetch oc's published Ed25519 public JWK
curl -s https://ochk.io/.well-known/jwks.json > jwks.json

# 3. re-derive the content hash
openssl dgst -sha256 -binary < envelope.json | base64

# 4. verify the signature
# (using @noble/curves or any ed25519 lib)
node -e "
  const { ed25519 } = require('@noble/curves/ed25519');
  const env = JSON.parse(require('fs').readFileSync('envelope.json'));
  const jwk = JSON.parse(require('fs').readFileSync('jwks.json')).keys[0];
  console.log('sig: ed25519:yZcu29ib:ce543210fe000000...0000');
  // verification details in /docs/verify
"

# 5. walk the OTS proof to a bitcoin block
ots verify envelope.ots

where this envelope came from

Every event on /me/earn has a verify link that points here. The full taxonomy of event classes is on /earn. The cryptographic primitives (Ed25519, OpenTimestamps, Nostr) are documented on /security.