Docs · Install
Five ways to use the office.
The office offers entry points at every level of technical comfort: drop a file into a browser at one extreme, embed the protocol in your own pipeline at the other. The five paths below all produce the same kind of receipt — a SHA-256 fingerprint committed to a Bitcoin block — and any receipt issued by one path can be verified by any of the others.
If you have never used the service before, start with path one. It requires nothing on your machine and takes about thirty seconds. The other paths exist for repeated, automated, or fully-offline use.
1 · Through the website
The simplest path. Open orphograph.com, drag any file onto the dotted region, and press anchor. The browser computes the file's SHA-256 fingerprint locally; only the fingerprint is sent. A receipt with a sixteen-character identifier is returned in about thirty seconds and a confirmation can be emailed to an address of your choice. Nothing needs to be installed.
The same page also accepts a folder. The browser walks the folder, hashes each file in place, and submits a single Merkle root. See folder anchoring by Merkle root for the algorithm.
2 · Python SDK
For pipelines written in Python — backup scripts, evidence-intake jobs, batch processing of working sets. The package targets Python 3.9 or newer and depends on the standard library only.
pip install orphograph
from orphograph import anchor_folder, verify_folder
result = anchor_folder("/path/to/folder")
receipt_id = result["receipt_id"]
root_hex = result["root_hex"]
# Later, from a clean machine, given only the folder and the id:
ok = verify_folder("/path/to/folder", receipt_id)
assert ok is True
File bytes are not transmitted. The library streams each file through SHA-256 in one-megabyte chunks and submits only the manifest (paths, per-file digests, leaf hashes, and the thirty-two-byte root). Full reference is in the Python SDK README.
Developer detail · arguments, environment, inclusion proofs
Optional arguments to anchor_folder: server_url (default https://orphograph.com), api_key (sent as X-Orpho-Api-Key), client_label (free-form label persisted with the receipt), exclude (sequence of fnmatch patterns; None selects the default deny list, [] disables exclusion).
Environment defaults: ORPHO_SERVER_URL, ORPHO_API_KEY.
Console script and module entry points:
python -m orphograph anchor /path/to/folder
python -m orphograph verify /path/to/folder <receipt_id>
python -m orphograph inclusion-proof <receipt_id> <posix/rel/path>
An inclusion proof confirms that a single file belonged to the anchored folder without disclosing the rest:
from orphograph import inclusion_proof, verify_inclusion
proof = inclusion_proof(receipt_id=receipt_id, path="sub/photo.jpg")
ok = verify_inclusion(
file_path="/path/to/sub/photo.jpg",
rel_path="sub/photo.jpg",
proof=proof["proof"],
root_hex=proof["root_hex"],
)
The Merkle module carries the source SHA-256 in its header so divergence from the canonical algorithm is immediately visible. The tag orphograph-merkle-v1-rfc6962 is embedded in every manifest.
3 · Node SDK
The same surface, in TypeScript, for Node 20 or later. Zero runtime dependencies; the standard library modules node:crypto, node:fs, node:http, node:https, and node:path are the only requirements.
npm install orphograph
import { anchorFolder, verifyFolder } from "orphograph";
const result = await anchorFolder("/path/to/folder", {
serverUrl: "https://orphograph.com",
apiKey: process.env.ORPHO_API_KEY, // optional
clientLabel: "Case file 2026-05-20",
});
const { receipt_id, root_hex } = result;
// Later, given only the folder and the id:
const ok = await verifyFolder("/path/to/folder", receipt_id, {
serverUrl: "https://orphograph.com",
});
The TypeScript implementation is bit-for-bit compatible with the Python module and the browser implementation. Full reference is in the Node SDK README.
Developer detail · CLI binary, inclusion proofs
The package registers an orphograph binary executable via npx:
npx orphograph anchor /path/to/folder
npx orphograph verify /path/to/folder <receipt_id>
npx orphograph proof <receipt_id> <posix/rel/path>
Each subcommand writes one line of JSON to standard output. Exit code zero on a match, one on a mismatch.
import { inclusionProof, verifyInclusion } from "orphograph";
const proof = await inclusionProof(receipt_id, "sub/photo.jpg", {
serverUrl: "https://orphograph.com",
});
const ok = await verifyInclusion(
"/path/to/sub/photo.jpg",
"sub/photo.jpg",
proof.proof,
proof.root_hex,
);
verifyInclusion requires no network access; once the proof and the root are in hand, a third party with the file in question confirms membership locally.
4 · Offline command-line verifier
A standalone verifier that can confirm any receipt years from now, without any service to call. Standard library only; no pip install step; no network calls beyond the optional OpenTimestamps sub-check. The verifier is published under MIT so the format outlives the office.
curl -O https://orphograph.com/dist/orphograph-verify.zip
unzip orphograph-verify.zip
cd orphograph-verify
# Verify a folder against its manifest:
python3 verify.py folder --dir path/to/folder \
--manifest path/to/manifest.json \
--ots path/to/root.ots
# Verify a single file via an inclusion proof:
python3 verify.py file --file path/to/original.jpg \
--proof path/to/proof.json \
--ots path/to/root.ots
The verifier re-derives the Merkle root from the bytes on disk and, when --ots is supplied, invokes the OpenTimestamps reference client to confirm the Bitcoin-chain witness references the same anchor. See why a Bitcoin-anchored hash matters for the evidentiary background.
Developer detail · package contents, OpenTimestamps client
Package layout:
verify.py entry point (subcommands: file, folder)
merkle.py vendored RFC 6962 reference (SHA-256 banner in header)
README.md usage and rationale
LICENSE MIT
examples/ sample receipts and folders for smoke testing
The optional OpenTimestamps reference client confirms the Bitcoin witness:
pip install opentimestamps-client
ots verify path/to/root.ots
Without --ots, the verifier confirms that the folder on disk reproduces the recorded Merkle root; with --ots, it additionally confirms that the root is recorded in a Bitcoin block.
5 · MCP server
The office also publishes a Model Context Protocol server that exposes anchoring and verification as tools an AI assistant can call. Full installation instructions, including configuration for the common host applications, are at /mcp.html. The server is a thin wrapper over the same Python module described in section two; its receipts are interchangeable with receipts issued by any other path on this page.
Verifying a receipt
Any of the five paths above can issue a receipt; verification is described separately at /docs/verify.html. The receipt is the instrument; the chain is the trust anchor. A receipt issued through path one verifies under path four, and vice versa.
Further reading
Disclaimer. The office anchors the existence of a byte sequence at a recorded time. The office does not certify authorship, truth, originality, or compliance with any external standard, and does not give legal advice. A receipt is a description of what was anchored, not a judgment about what the anchored thing means. A customer with an actual dispute should consult counsel admitted in the relevant jurisdiction.