Create Your Identity
Build a cryptographically verifiable contact card with selective disclosure
Import Existing Master Card
Already have a master card? Import it here
Drop encrypted master card file here
or click to browseVerify Identity
Cryptographically verify any silhouette
Import Silhouette
Drop .vcf, .json, or .png file here
or click to browseAbout Silhouette
Your digital identity, your control—share what you want, prove it's real
You Choose What to Share
Share only what's relevant for each situation. Maybe just your name and email for one person, your verified ID for another—it's up to you.
Proof Without Trust
Anyone can instantly verify your information is authentic. No calls, no waiting, no relying on a company to vouch for you.
Works Everywhere
Compatible with standard contact formats. Add to your phone, share via email, or scan a QR code—just like any business card.
How It Works
Think of it like a secure passport for your digital life:
Create Your Master Card
Store all your information in one secure place—name, email, verified accounts, ID info—all encrypted with a password only you know.
Verify Your Information
Connect your social accounts (Discord, GitHub, Twitter), scan your ID, or verify your email to prove your information is real.
Create Custom Silhouettes
Choose exactly which details to share for each situation—maybe just your name and Twitter for a conference, or your full verified ID for a job application.
Share & Verify Instantly
Recipients can instantly verify everything is authentic—no phone calls, no emails to HR, no waiting. It just works.
Why This Matters
Every time you share a resume or fill out a form, you're trusting strangers with your full address, phone number, and personal details. Silhouette lets you share only what's needed—and prove it's real—without giving away everything about yourself.
🔬 For the Technically Curious
How the Cryptography Works
Silhouette uses battle-tested cryptographic primitives to create a zero-knowledge proof system for selective disclosure:
Step 1: Master Card Creation
When you create a master card, we generate an Ed25519 keypair in your browser. Your private key never leaves your device. All your claims (name, email, verified accounts, etc.) are organized into a Merkle tree—a cryptographic data structure where each leaf is a SHA-256 hash of a claim, and parent nodes are hashes of their children.
The Merkle root (the top hash) represents a commitment to all your data. We sign this root with your Ed25519 private key, creating a digital signature that proves the entire tree came from you.
Step 2: Encryption & Storage
Your master card is encrypted using Argon2id, a memory-hard key derivation function that turns your passphrase into an encryption key. This protects against brute-force attacks even if someone gets your encrypted master card file.
The encrypted master card is stored in your browser's localStorage, and you can export it as a backup. Without your passphrase, the encrypted data is computationally infeasible to decrypt.
Step 3: Creating a Silhouette (Selective Disclosure)
When you create a silhouette, you select which claims to reveal. For each revealed claim, we include:
- The actual claim data (e.g.,
email: "alice@example.com") - A Merkle proof—the sibling hashes needed to reconstruct the path from this leaf to the root
Claims you don't select remain hidden. The verifier never learns what other claims exist in your master card—they only see what you chose to share.
Step 4: Verification Process
Anyone can verify a silhouette without contacting you or any third party. The verification process:
- Hash each disclosed claim with SHA-256
- Use the Merkle proofs to compute what the root hash should be
- Verify the Ed25519 signature on the root using your public key
- Check any attestations (OAuth verifications, ID scans) for authenticity
If the signature is valid and the Merkle proofs check out, the verifier knows: (1) these claims came from the holder of the private key, (2) the claims haven't been tampered with, and (3) any attestations were validated by the respective authorities.
Attestations (Third-Party Verification)
For claims requiring external proof (Discord, GitHub, Twitter, ID verification), we use OAuth 2.0 flows or challenge-response protocols:
- OAuth accounts: The user authenticates with the provider, we receive a token proving ownership
- ID verification: Integration with Stripe Identity to verify government-issued IDs
- PGP keys: Challenge-response signing to prove ownership of a PGP private key
These attestations are stored separately and included in silhouettes when relevant claims are disclosed.
Privacy guarantee: Your master card and private key never leave your device. All cryptographic operations happen locally in your browser. No servers, no databases, no tracking. The only network requests are OAuth flows when you explicitly verify social accounts.