Background

Users can download their certificate as a Zip file ("archive"). This archive is designed so that:

This document covers the Archive file structure. Further information on how to verify the archive is located here:

Verifying a Verisart Certificate

Archive Structure

verisart-archive-[certificateID].zip
  files/
		[Base64Sha256].[extension]
    ...
  oldFiles/
    [Base64Sha256].[extension]
    ...
  versions/
    00001_2020_09_07_18_05_38/
				# The metadata file
			  metadata.json

			  # Signatures
        metadata.json.sig
        OWNER_VM_metadata.json
        ARTIST_metadata.json.sig

				# The manifest file      
	      manifest.json

        # The Open timestamp file
        manifest.json.ots

				# Private details
        owner.json
        ownerKey.json
				transferrerKey.json
        privateFields.json
        privateFiles.json

	00002_20201_01_01_11_23_42/
       ...

The archive files are downloaded as a plain Zip with filename verisart-archive-[certID].zip. The certificate ID is the unique UUID of the certificate.

The files/ folder contains all of the files which are currently referenced in the latest version (more on this in a second).

The oldFiles/ folder contains files which were previously referenced in an older version, but are no longer in the current version. (Our certificate format allows files to be removed, but they can never be fully deleted - versions and files are immutable). This folder only exists to avoid confusion about the current state of a certificate. Files are never truly deleted from a Verisart certificate format.

The versions/ folder contains a single folder for each version in the life of the certificate. A new version is created for each event in the certificates life (e.g. creation, transferring, editing etc).The versions are numbered numerically and by date. The latest (i.e. most recent) is state of the certificate at this point in time.

Metadata.json

The metadata.json file is the state of the certificate at a particular version. In the public field is stored public information about the work like title, dimensions, medium etc:

{
  ...
  "public" : {
	  "title" : "Untitled",
	  "type" : "VERISART",
	  "customization" : null,
	  "objectType" : "PAINTING",
	  "objectTypeOther" : null,
	  "edition" : null,
	  "editionObject" : null,
	  "inventoryNumber" : "MMA0001",
	  "productionYear" : 1936,
	  "productionLocation" : null,
	  "location" : {
	    "description" : "France"
	  },
	  "medium" : {
	    "description" : "Oil on canvas"
	  },
	  "dimensions" : {
	    "width" : 88.9,
	    "height" : 96.5,
	    "depth" : null,
	    "unit" : "CM"
	  }
    ...
}

It also contains a link to which images and files were present at that version. Each link refers to a file in files/ or oldFiles/ and a corresponding SHA256 hash in base64 encoding to validate those files:

{
  ...
  "publicFiles" : [ {
    "fileName" : "3pr0zXC9tlA8b1RiudkMi4bwDvZp7-dKM0qFd15v5B8.jpg",
    "hash" : "3pr0zXC9tlA8b1RiudkMi4bwDvZp7+dKM0qFd15v5B8=",
    "type" : "FRONT",
    "isPublic" : true,
    "isImage" : true,
    "isPrimary" : true,
    "label" : null
  } ],
  ...
}

It also contains information about who has cryptographically signed that version:

{
  ...
  "signedBy" : [ {
    "publicKey" : "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEQLooFj/6MgjCSKiTPLWvetX9jp53OP9OayVpDGGTjrcnRSL4gmk6RqXBnbW2D9aoa7u4gnA5Nq/PsJL/QwHuaA==",
    "type" : "VERISART",
    "fileName" : "metadata.json.sig"
  }, {
    "publicKey" : "...",
    "type" : "ARTIST",
    "fileName" : "ARTIST_metadata.json.sig"
  }],
  ...
}