Originality verification
This page reads the verification parameters from the URL of a Minidocs Originality QR code, verifies the signature, and renders the record. Nothing is sent to a server. The data lives entirely in the URL.
What the signature does — and doesn't — prove
What it proves: the QR code was produced by something that knew Minidocs's signing secret. If the badge above says Signature verified, no one tampered with the URL after Minidocs generated it. Edit a single character in the QR's URL and the badge flips to Signature mismatch.
What it does not prove:
- That the document was written without help, AI assistance, or copy-paste from elsewhere. The counters reflect what happened in the editor; they don't see what happened before.
- That the human at the keyboard is who they say they are. The "Author" field is the macOS account name, which is whatever the user configured.
- That the signing secret is unforgeable. The secret is embedded in the Minidocs app binary and in this web page's source. Anyone determined enough to extract it can produce a verified-looking QR with arbitrary numbers. This is the trust ceiling of an offline app: there is no server-of-record to consult.
Treat a verified record as evidence the author is willing to attach their name to. It raises the cost of forgery from "anyone with a text editor" to "anyone willing to read the app binary." For most academic and professional contexts, that's where the friction lands. It is not, and cannot be, cryptographic proof.
What this means in practice
Self-attested. Minidocs runs locally on the author's Mac. The "typed", "pasted", "inserted", and "imported" character counters are recorded by the editor as the document is written, and embedded in the QR code at export time. Minidocs does not send these to a server.
Counters are per-machine: a document opened on a different Mac will start fresh counters on that Mac. The install ID identifies the Minidocs install, not the human author.