
How It Works

CertNode creates cryptographically verifiable receipts using industry-standard algorithms

The Cryptographic Receipt Creation Process

🔐
STEP 1 OF 4

Hash Content (SHA-256)

When a transaction occurs, CertNode creates a cryptographic hash of the receipt data using SHA-256.

🔬 Technical Details

SHA-256 produces a 256-bit fingerprint of the data, and finding two different inputs with the same fingerprint is computationally infeasible. Even a single character change produces a completely different hash.

💻 Code Example

TypeScript
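import * as crypto from 'node:crypto'

// Receipt data
const receiptData = {
  amount: 299.99,
  product: "React Course",
  customer: "john@example.com",
  timestamp: "2025-01-15T10:30:00Z"
}

// Create SHA-256 hash.
// JSON.stringify output depends on property order, so a verifier must
// serialize the fields in the same order to reproduce this hash.
const hash = crypto
  .createHash('sha256')
  .update(JSON.stringify(receiptData))
  .digest('hex')

// Result: a3f2b1c4d5e6...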

💡 Why This Matters

Comparing a recomputed hash with the recorded one shows whether the receipt data has been tampered with. Any modification changes the hash completely.

🛡️ Why Cryptography?

• Tamper-Proof: Any modification to the receipt data changes the hash completely, making fraud impossible.
• Independent Verification: Banks and courts don't need to trust CertNode - they can verify signatures using public JWKS keys.
• Time-Stamped: RFC 3161 timestamps from neutral third parties prove the receipt existed at a specific time.
• Court-Admissible: RFC 3161 timestamps are self-authenticating under Federal Rules of Evidence 902.

⚖️ Legal Validity

• FRE 902(13-14): Electronic records with digital signatures and timestamps are self-authenticating.
• E-SIGN Act: Digital signatures have the same legal weight as handwritten signatures.
• Industry Standard: ES256 and RFC 3161 are used by banks, governments, and Fortune 500 companies.
• Chain of Custody: Receipts can reference parent receipts, creating an immutable audit trail.

Real-World Use Cases

💳

Chargeback Defense

Customer claims "never received course". You present cryptographic receipt showing 85% completion, 42 lessons viewed, and RFC 3161 timestamp. Bank rules in your favor.

🎨

Content Authenticity

Prove when an image was created, who created it, and whether it's been modified. AI detection results are timestamped for court admissibility.

📊

SaaS Usage Disputes

Customer disputes annual plan charge. You show cryptographic receipts proving 15,240 API calls, 95% uptime, and continuous usage over 11 months.

CertNode vs. Traditional Receipts

| Feature | Traditional Receipt | CertNode Receipt |
|---|---|---|
| Tamper-Proof | ✗ Easy to forge | ✓ Cryptographically sealed |
| Time Verification | ✗ Self-reported | ✓ RFC 3161 from neutral TSA |
| Independent Verification | ✗ Must trust merchant | ✓ Public JWKS verification |
| Court Admissibility | △ Requires witnesses | ✓ Self-authenticating (FRE 902) |
| Chain of Custody | ✗ No linkage | ✓ Parent/child relationships |
| Privacy Controls | ✗ All or nothing | ✓ Automatic PII redaction |
| API Automation | ✗ Manual process | ✓ Stripe, Shopify, API webhooks |

Frequently Asked Questions

Q: Can receipts be forged?

No. The cryptographic signature is tied to CertNode's private key. Anyone attempting to forge a receipt would need our private key, which is stored in an HSM (Hardware Security Module) and never leaves our secure infrastructure. Third parties can verify authenticity using our public JWKS endpoint.

Q: What if CertNode goes out of business?

Your receipts remain valid forever. The RFC 3161 timestamp is issued by an independent Time Stamping Authority (DigiCert TSA), not CertNode. The JWKS public keys can be archived and used for verification indefinitely. Cryptographic proofs don't depend on CertNode's continued operation.

Q: Are these legally admissible in court?

Yes. RFC 3161 timestamps with digital signatures are self-authenticating under Federal Rules of Evidence 902(13-14) and the E-SIGN Act. Courts regularly accept this type of evidence without requiring expert witnesses. However, you should always consult your attorney for specific legal situations.

Q: How fast is receipt creation?

Receipt creation takes 200-500ms: SHA-256 hashing (~5ms), ES256 signing (~10ms), RFC 3161 timestamp (~100-400ms depending on TSA response time), database write (~50ms). This happens automatically via webhooks - your customers never experience any delay.

Q: What about privacy (GDPR, CCPA)?

CertNode includes automatic PII redaction. Customer emails and account IDs are hashed (SHA-256) before display. Public verification shows proof without exposing raw PII. Receipts are private by default - businesses opt-in to public verification only when needed (e.g., dispute resolution).

Q: Can I verify receipts myself without CertNode?

Yes! That's the entire point. Use our public JWKS endpoint (https://certnode.io/.well-known/jwks.json) to verify signatures. Verify RFC 3161 timestamps against DigiCert TSA. Verify receipt chains by following parent_id links. Full verification can be done with standard crypto libraries (jose, node:crypto, OpenSSL).
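
The hash and signature checks described in this answer, as an added example (not CertNode's own code): it recomputes the receipt hash over a key-sorted serialization, which goes beyond the JSON.stringify call in Step 1, and verifies an ES256 signature against a public JWK with node:crypto. The receipt shape { data, hash, signature }, the choice to sign the hex hash, and the locally generated key pair are assumptions made for the demo.

```javascript
const crypto = require('node:crypto');

// Key-sorted serialization (JSON-safe values only) so signer and verifier
// hash identical bytes regardless of property order.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value && typeof value === 'object') {
    const members = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k]));
    return '{' + members.join(',') + '}';
  }
  return JSON.stringify(value);
}

function receiptHash(data) {
  return crypto.createHash('sha256').update(canonicalize(data)).digest('hex');
}

// Assumed receipt shape: { data, hash, signature }, where signature is a base64url
// ES256 (ECDSA P-256 + SHA-256, r||s encoding) signature over the hex hash.
function verifyReceipt(receipt, jwk) {
  if (receiptHash(receipt.data) !== receipt.hash) {
    return { ok: false, reason: 'hash mismatch' };
  }
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const valid = crypto.verify(
    'sha256',
    Buffer.from(receipt.hash, 'utf8'),
    { key, dsaEncoding: 'ieee-p1363' },
    Buffer.from(receipt.signature, 'base64url'),
  );
  return valid ? { ok: true } : { ok: false, reason: 'bad signature' };
}

// Constructed demo: a locally generated key pair stands in for the signing
// key; only its public JWK is handed to the verifier.
function makeDemoReceipt() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const data = { amount: 299.99, product: 'React Course', timestamp: '2025-01-15T10:30:00Z' };
  const hash = receiptHash(data);
  const signature = crypto
    .sign('sha256', Buffer.from(hash, 'utf8'), { key: privateKey, dsaEncoding: 'ieee-p1363' })
    .toString('base64url');
  return { receipt: { data, hash, signature }, jwk: publicKey.export({ format: 'jwk' }) };
}

const demo = makeDemoReceipt();
console.log(verifyReceipt(demo.receipt, demo.jwk));
```

A receipt whose data was edited fails at the hash comparison, and one whose hash was recomputed after the edit fails at the signature check, which is why both steps are needed.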

Ready to Create Cryptographic Receipts?

Start with our Pay As You Go plan - $0/month base fee, $0.05/receipt. No commitment, cancel anytime.