Verify the integrity of any IIC v8.4.1 file

Verify in your browser

Drop one of the four official IIC v8.4.1 release files below. Verification runs entirely on your device — nothing is uploaded.

Accepted files: IIC-v8.4.1-Complete-Package.zip, IIC-User-Guide-v8.4.1.pdf, IIC-Technical-Specification-v8.4.1.pdf, IIC-Engineering-Specification-v8.4.1.pdf, IIC-Threat-Model-v8.4.1.pdf

Published release manifest

These are the cryptographic fingerprints of the current IIC v8.4.1 release. Compare locally-computed hashes against these values.

1. Complete Package (ZIP)

2. User Guide

3. Technical Specification

4. Engineering Specification

5. Threat Model

ECDSA P-256 public key (Base64-encoded)

Used to verify the ECDSA signature of the Complete Package ZIP.

Verify from your terminal

Prefer the command line? Compute the SHA-256 of the file you downloaded and compare with the published hash above.

macOS / Linux

shasum -a 256 IIC-v8.4.1-Complete-Package.zip
shasum -a 256 IIC-User-Guide-v8.4.1.pdf
shasum -a 256 IIC-Technical-Specification-v8.4.1.pdf
shasum -a 256 IIC-Engineering-Specification-v8.4.1.pdf
shasum -a 256 IIC-Threat-Model-v8.4.1.pdf

Windows (PowerShell)

Get-FileHash IIC-v8.4.1-Complete-Package.zip -Algorithm SHA256
Get-FileHash IIC-User-Guide-v8.4.1.pdf -Algorithm SHA256
Get-FileHash IIC-Technical-Specification-v8.4.1.pdf -Algorithm SHA256
Get-FileHash IIC-Engineering-Specification-v8.4.1.pdf -Algorithm SHA256
Get-FileHash IIC-Threat-Model-v8.4.1.pdf -Algorithm SHA256

If the computed hash exactly matches the published value above, the file is bit-for-bit identical to the published release (integrity verified).

What this verification provides

A successful match between your locally-computed SHA-256 hash and the published value provides:

• Integrity — the file is bit-for-bit identical to the published release
• Tamper detection — any modification to the file (even a single bit) would change the SHA-256 hash entirely
• Source consistency — the file you have is the same one published by Https Card — Internet Identity Card Ltd

For the Complete Package ZIP, an additional ECDSA P-256 signature can be verified against the published public key. The signature provides cryptographic evidence that the release was issued by the holder of the corresponding private key, assuming the public key has been obtained from a trusted source.

Independent timestamping (BTC + ETH)

Each release file is anchored on the Bitcoin and Ethereum blockchains via OriginStamp, and additionally on the Bitcoin blockchain via OpenTimestamps (a decentralized, self-verifiable timestamping protocol). Together these provide tamper-evident proof of existence at the timestamping date, verifiable independently on public block explorers (mempool.space, etherscan.io). Refer to the documentation page for the corresponding transaction links.

Defensive publications

The cryptographic architecture verified here is disclosed as open prior art on Technical Disclosure Commons, released under the Creative Commons Attribution 4.0 license:

• TDCommons #10079 — Cryptographic Identity Document System Using TOTP-Derived Symmetric Keys (12 May 2026)
• TDCommons #10167 — Self-Verifying Single-File Cryptographic Documents with Dual-Passphrase Architecture (19 May 2026)

Important notice

This verification confirms file integrity only. It does not constitute legal recognition, certification, accreditation, or endorsement by any authority. Internet Identity Card ™ is a private software-based identity and verification platform developed by Https Card — Internet Identity Card Ltd. References to electronic signatures, eIDAS, or regulatory frameworks are informational only.