Purpose. Define content integrity for an SSM-Clock Stamp using a deterministic file digest. All rules are plain ASCII and offline-verifiable.
Definition (must)
- File digest:
h_file = sha256(file_bytes) - The stamp field name remains
sha256(file)for compatibility; the actual digest algorithm is selected bykv:algo(defaultsha256). Supported:{sha256, sha3_256, blake2b-256}(all 256-bit →64hex). - Producers MUST emit lowercase
64-hex; verifiers MUST recompute under the declaredalgoand compare as hex strings.
Deterministic procedure (producer)
- Open the file in binary mode; read exact bytes (no newline or encoding changes).
- Compute
H_algo(file_bytes)in one pass or via streaming; both MUST yield the same hex digest. - Emit
h_fileas lowercase64-hex and place it in the stamp’ssha256(file)field (label is historical; algorithm is governed bykv:algo).
Streaming (allowed, must match)
- Implementations MAY stream bytes in fixed chunks:
digest = H_algo( concat(chunks) ). - The result MUST equal the monolithic hash of the same bytes.
- Chunk size is implementation-defined; it does not change the digest.
Acceptance (verifier)
- Read file in binary; compute
h' = H_algo(file_bytes)withalgo = kv:algoelsesha256. - Check shape: recorded digest is
64hex characters[0-9a-f]. - Pass iff
h'equals the recorded hex (string equality). - Any mismatch → FAIL.
Practical notes (non-normative)
- No normalization: never alter bytes (line endings, encodings, metadata). Hash the exact file as stored.
- Tooling hints:
- Windows (PowerShell):
Get-FileHash -Algorithm SHA256 "<path>" - Linux/macOS:
shasum -a 256 "<path>"
- Windows (PowerShell):
- Agility: switching algorithms (e.g., to
sha3_256) is non-breaking when declared viakv:algo.
Navigation
Back: SSM-Clock Stamp – Deterministic Clock from UTC (1.2)
Next: SSM-Clock Stamp – Append-only Chain (1.4)
SHUNYAYA 