How DSPIP Works

DSPIP uses cryptographic signatures, privacy-preserving encryption, and DNS-based key distribution to authenticate packages in shipping and logistics. Here's a complete walkthrough of the protocol flow.

The Digital Envelope Model

DSPIP follows a "digital envelope" paradigm for shipping labels. The envelope exterior (sender identity, last mile provider destination, tracking number) is publicly readable for routing. A cryptographic signature proves the label was created by the claimed sender and hasn't been tampered with. The actual recipient address and delivery instructions are encrypted for the last mile provider only.

Public (Exterior): Sender, Last Mile Provider, Tracking ID, Timestamp
Authenticity Seal: ECDSA Signature
Private Contents: Encrypted Recipient, Delivery Instructions

This model protects recipient privacy while maintaining package routability. The encrypted recipient information can only be decrypted by the designated last mile provider using their private key.

Protocol Flow

1. Sender: Create Shipping Payload
The sender creates a JSON payload containing sender information, last mile provider or recipient, tracking number, and timestamp. The payload uses type "SHIP" for shipping applications.

2. Sender: Select Privacy Mode
Choose a privacy mode based on security requirements: standard (full recipient visible), encrypted (recipient encrypted for the last mile provider), or split-key (physical anti-cloning with Ed25519 keys).

3. Sender: Encrypt Recipient (Privacy Modes)
For encrypted and split-key modes, encrypt the recipient's address and delivery instructions with the last mile provider's public key using ECIES (Elliptic Curve Integrated Encryption Scheme).

4. Sender: Base64 Encode
The payload is Base64 encoded to ensure consistent handling across systems. Routing information (sender, last mile provider) remains readable while recipient data is encrypted.

5. Sender: Sign with Private Key
The sender signs using their secp256k1 private key (ECDSA + SHA-256). For split-key mode, the sender scratches Zone A on the physical label to reveal an Ed25519 private key for signing.

6. Sender: Generate QR Code
The complete data structure is serialized using pipe delimiters and encoded as a QR code. Format: DSPIP|version|SHIP|keyLocator|payload|signature

7. Sender: Attach Label to Package
The QR code is printed on a shipping label and attached to the package. For split-key mode, use authenticated labels with scratch-off zones containing the Ed25519 keys.

8. Carrier: Transit Scanning
Carriers scan the QR code at each custody transfer point. The data is parsed (6 or 7 pipe-delimited fields) and the payload is Base64 decoded to read the shipping information.

9. Carrier: DNS Lookup
The scanner queries the DNS TXT record at the key locator (e.g., warehouse._dspip.example.com) to retrieve the sender's public key. For split-key mode, this step is skipped.

10. Carrier: Verify Signature
Verify the signature using the public key from DNS (or the Zone B reveal for split-key). For split-key mode, the recipient scratches Zone B to reveal the Ed25519 public key used for verification.

11. Carrier: Check Revocation
Query the sender's revocation list to check whether the package has been reported lost, stolen, or recalled. Revocation lists auto-prune entries older than 180 days.

12. Last Mile Provider: Decrypt Recipient
The last mile provider (post office, corporate mailroom, residential carrier) decrypts the recipient information using their private key to reveal the actual delivery address.

13. Last Mile Provider: Deliver Package
The package is delivered to the actual recipient address. The carrier may require a signature, age verification, or other confirmation methods specified in the encrypted delivery instructions.

14. Last Mile Provider: Delivery Confirmation
Cryptographic proof of delivery is recorded using a challenge-response protocol. The recipient signs a challenge with their delivery key, providing non-repudiable proof. Optionally, the custody chain is recorded to a blockchain for an immutable audit trail.

QR Code Data Structure

DSPIP data is serialized using pipe (|) delimiters for efficient encoding:

DSPIP|<version>|<type>|<keyLocator>|<encodedPayload>|<signature>[|<privateMessage>]
protocol
Fixed string "DSPIP" - identifies this as a DSPIP QR code
version
Semantic version string (e.g., "1.0") for protocol compatibility
type
Fixed to "SHIP" for shipping applications (enables future expansion)
keyLocator
DNS path for public key lookup (e.g., "warehouse._dspip.example.com")
encodedPayload
Base64-encoded JSON payload with shipping info (recipient may be encrypted)
signature
Hex-encoded ECDSA signature (or Ed25519 for split-key mode)
privateMessage
Optional Base64-encoded encrypted message

The pipe delimiter was chosen for its low frequency in Base64 and domain names. Implementations must validate that exactly 6 or 7 pipe-delimited fields are present.
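An added example (not DSPIP project code) of the field validation a scanner should apply to this format before any DNS lookup or signature check; the payload field names and the sample label are constructed for the example, and the signature value is a placeholder rather than a real signature.

```javascript
const FIELD_NAMES = ['protocol', 'version', 'type', 'keyLocator',
  'encodedPayload', 'signature', 'privateMessage'];

// Buffer.from(text, 'base64') silently skips characters outside the alphabet,
// so check the alphabet and padding ourselves before decoding.
function decodeBase64Strict(text) {
  if (!/^[A-Za-z0-9+/]*={0,2}$/.test(text) || text.length % 4 !== 0) {
    throw new Error('field is not valid Base64');
  }
  return Buffer.from(text, 'base64');
}

// Structural checks a scanner should run before any DNS lookup or signature check.
// Returns the named fields with the payload decoded from Base64 JSON.
function parseDspipQr(qrText) {
  const fields = qrText.split('|');
  if (fields.length !== 6 && fields.length !== 7) {
    throw new Error(`expected 6 or 7 pipe-delimited fields, got ${fields.length}`);
  }
  const rec = Object.fromEntries(fields.map((value, i) => [FIELD_NAMES[i], value]));
  if (rec.protocol !== 'DSPIP') throw new Error('not a DSPIP QR code');
  if (!/^\d+\.\d+$/.test(rec.version)) throw new Error(`unsupported version "${rec.version}"`);
  if (rec.type !== 'SHIP') throw new Error(`unsupported type "${rec.type}"`);
  // The key locator becomes a DNS query: accept only hostname characters (underscore
  // allowed for the _dspip label) and no empty labels, so stray bytes never reach the resolver.
  if (rec.keyLocator.length > 253 || !/^[a-z0-9_][a-z0-9_.-]*$/i.test(rec.keyLocator)
      || rec.keyLocator.includes('..')) {
    throw new Error('key locator is not a valid DNS name');
  }
  // Signature is hex (ECDSA, or Ed25519 in split-key mode): even length, hex digits only.
  if (!/^[0-9a-f]+$/i.test(rec.signature) || rec.signature.length % 2 !== 0) {
    throw new Error('signature is not hex encoded');
  }
  rec.payload = JSON.parse(decodeBase64Strict(rec.encodedPayload).toString('utf8'));
  if (!rec.payload || rec.payload.type !== 'SHIP') throw new Error('payload type does not match QR type');
  if (rec.privateMessage !== undefined) {
    rec.privateMessage = decodeBase64Strict(rec.privateMessage); // still encrypted; not parsed here
  }
  return rec;
}

// Constructed sample label. The payload field names are this example's choice, and the
// signature is a placeholder: this block checks structure only, not cryptography.
const SAMPLE_PAYLOAD = { type: 'SHIP', sender: 'Example Warehouse', lastMileProvider: 'post.example.net',
  trackingNumber: 'TRK-0001', timestamp: '2024-01-01T00:00:00Z' };
const SAMPLE_QR = ['DSPIP', '1.0', 'SHIP', 'warehouse._dspip.example.com',
  Buffer.from(JSON.stringify(SAMPLE_PAYLOAD), 'utf8').toString('base64'), 'deadbeef'].join('|');
```

Because every variable-content field is either Base64 or hex and the locator is restricted to hostname characters, a "|" can only ever appear as a delimiter, which is exactly why the field count check is a reliable first gate.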

Privacy Modes

Standard Mode (Legacy)

Traditional shipping with full recipient information visible in the payload. Best for business-to-business shipments where transparency is required.

Encrypted Mode (Privacy-Preserving)

Recipient information is encrypted with the last mile provider's public key using ECIES (Elliptic Curve Integrated Encryption Scheme) with AES-256-GCM. Only the designated provider can decrypt the actual delivery address.

Split-Key Mode (Maximum Security)

Physical anti-cloning protection using special labels with Ed25519 key pairs printed under scratch-off zones. The private key (Zone A) is revealed by the sender to sign, and the public key (Zone B) is revealed by the recipient to verify.

Key Distribution

Why DNS for Key Distribution?

DSPIP uses DNS TXT records for public key distribution, following the proven model established by DKIM (DomainKeys Identified Mail) for email authentication. This approach provides several benefits:

Last Mile Provider Registration

Organizations register as last mile providers by publishing DSPIP keys in DNS. Recipients can then select their preferred provider at checkout.