Crypotraphy - savvato-software/all_docs GitHub Wiki

We create the document that represents an attribute / verified credential. So the hash of the document created will be deterministic.

"If there was a document like this, and if it was signed by this key, this would be the hash."

So later, when Bob wants to verify, so we check whatever file source (local DB, or IPFS, etc) for a document associated with that hash. And then the verifier takes the document and signs it with our known public key. When they get the hash (that is also the filename), they can be sure that we signed the document they have retrieved from IPFS, etc.