OC Stamp
Sign anything. Anchor the moment to Bitcoin. OC Stamp binds three things
into one envelope: authorship (BIP-322 signature from a Bitcoin address),
priority (an OpenTimestamps proof chained to a specific Bitcoin block header),
and optionally stake at signing (an OC Attest attestation reference). The result
is a self-contained .stamp envelope that anyone can verify offline, forever,
without calling ochk.io.
Who this replaces
OC Stamp was built to be better than the adjacent-and-broken incumbents:
| Incumbent | Problem OC Stamp solves |
|---|---|
| PGP / GPG signatures | No block-level priority anchor. Keyserver rot. Web of trust is a tarpit. |
| OpenTimestamps alone | Proves timestamp only. Says nothing about authorship. |
| C2PA / content credentials | x509-based vendor PKI. Trust hierarchy reintroduces gatekeepers. |
| EVM notarization contracts | Wrong chain. Per-stamp gas. Subject to reorg. |
Stamp borrows the best bits — OTS for anchoring, BIP-322 for authorship — and nothing else.
Use cases
- Release / commit signing via a `git-stamp` plugin (one stamp per release tag, anchored before public announcement).
- Long-form publishing (authorship + "written before X happened").
- Legal self-notarization (no third-party notary; Bitcoin block time is the witness).
- DAO proposal authorship (the signer of record is cryptographically bound, not just the wallet that submitted the tx).
- Sybil-gated content feeds (combined with an OC Attest reference for stake-at-signing).
What it proves
A valid Stamp envelope proves:
- Authorship. The envelope was signed (via BIP-322) by the holder of a specific Bitcoin address.
- Priority. The envelope's ID was committed to a specific Bitcoin block by a specific height — so it could not have been fabricated after that block.
- Optional stake. If the envelope references an OC Attest attestation, verifiers can resolve the signer's sats-bonded × days-unspent at the moment of signing.
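The priority claim rests on replaying a chain of hash operations from the stamp ID to the Merkle root of a Bitcoin block header the verifier already holds. The example below is an added illustration, not code from the OC Stamp packages: it models that replay with OpenTimestamps-style append/prepend/sha256 steps over constructed data. The JSON op list, the function names, and the shortcut of treating the stamp ID as a direct Merkle leaf are assumptions (a real proof has further steps of the same kinds).

```javascript
// Added illustration with constructed data. The JSON op list and all names here are
// assumptions, not the OC Stamp envelope format or the binary .ots encoding.
const { createHash } = require('node:crypto');

const sha256 = (buf) => createHash('sha256').update(buf).digest();

// Build a Bitcoin-style Merkle tree (double SHA-256, last node duplicated on odd
// levels); return the root and the commitment path for the leaf at `index`.
function buildMerklePath(leaves, index) {
  const ops = [];
  let level = leaves.slice();
  let i = index;
  while (level.length > 1) {
    if (level.length % 2 === 1) level.push(level[level.length - 1]);
    // "Hash me with my sibling" becomes append/prepend followed by two sha256 ops.
    const sibling = level[i ^ 1].toString('hex');
    ops.push({ op: i % 2 === 0 ? 'append' : 'prepend', arg: sibling });
    ops.push({ op: 'sha256' }, { op: 'sha256' });
    const next = [];
    for (let j = 0; j < level.length; j += 2) {
      next.push(sha256(sha256(Buffer.concat([level[j], level[j + 1]]))));
    }
    level = next;
    i >>= 1;
  }
  return { root: level[0], ops };
}

// Replay the ops starting from the stamp ID. The proof holds only if the result
// equals the Merkle root of a block header the verifier already holds locally.
function replayCommitment(stampIdHex, ops, trustedMerkleRootHex) {
  let msg = Buffer.from(stampIdHex, 'hex');
  for (const { op, arg } of ops) {
    if (op === 'append') msg = Buffer.concat([msg, Buffer.from(arg, 'hex')]);
    else if (op === 'prepend') msg = Buffer.concat([Buffer.from(arg, 'hex'), msg]);
    else if (op === 'sha256') msg = sha256(msg);
    else throw new Error(`unsupported op: ${op}`);
  }
  return msg.equals(Buffer.from(trustedMerkleRootHex, 'hex'));
}

// Constructed sample: four leaves standing in for commitments in one block.
const leaves = ['stamp-a', 'stamp-b', 'stamp-c', 'other'].map((s) => sha256(Buffer.from(s)));
const stampId = leaves[2].toString('hex');
const { root, ops } = buildMerklePath(leaves, 2);
const trustedRoot = root.toString('hex');

console.log(replayCommitment(stampId, ops, trustedRoot)); // true
console.log(replayCommitment(leaves[1].toString('hex'), ops, trustedRoot)); // false
```

Because every step is a hash over fixed bytes, the replay needs no network access; the only external input is the block header's Merkle root.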
What it does NOT prove
- Humanness. Same as every other OrangeCheck protocol.
- Exclusivity. Someone with the same key can produce multiple stamps for conflicting content. Priority is per-stamp, not per-signer.
- Non-repudiation at the application layer. The cryptographic proof is solid; what the signer meant by it is still a judgment call.
Section contents
- Why OC Stamp — PGP + OTS + C2PA in one self-contained envelope.
- Quickstart — produce and verify your first stamp.
- How it works — sign + anchor in two steps.
- Protocol walkthrough — the three envelopes and how they compose with Attest and Lock.
- Envelope format — canonical JSON for signed statements and OTS proofs.
- OpenTimestamps — OTS proofs, upgrade paths, verification.
- OTS anchor — how `@orangecheck/stamp-ots` bridges OpenTimestamps proofs into the envelope.
- Nostr publication — publishing stamps on NIP-78 addressable events.
- Use cases — concrete patterns with code.
- Security posture — verification guarantees and what a stamp does NOT prove.
- Specification — normative rules, canonicalization, error codes.
Packages
- `@orangecheck/stamp-core` — canonical message, envelope format, `stamp()`, `verify()`
- `@orangecheck/stamp-ots` — OpenTimestamps calendar client + proof helpers
See SDK overview.
Shared ecosystem concepts
- Canonical message format
- BIP-322 signing
- Nostr publication — published stamps live on kind-30084 under d-tag namespace `oc-stamp:*`
- Conformance vectors
- Security model
Spec + implementation
- Normative spec: `oc-stamp-protocol/SPEC.md`
- Reference impl: `@orangecheck/stamp-core`, `stamp-ots` in `oc-packages`
- Reference site: stamp.ochk.io