Verify a Connor bundle
Paste any Connor signed bundle below. Every receipt is verified in your browser using the public Ed25519 keys. Nothing is sent to a server. This page works offline once loaded.
or paste below
- Each observation carries a
receipt_json(a commitment: the hash of what was observed, asignature, and thepublic_keythat produced it) and, alongside it,signed_outputs— the exact data that was hashed and signed. The receipt itself holds no data; that is why the observed bytes are archived next to it. - This page calls
DRM3Provenance.verifySignature(receipt)from the open-sourcedrm3-provenanceWASM SDK loaded with this page. That proves attribution (Connor produced this receipt) and integrity (it has not been altered). - Where
signed_outputsis present, the page also canonicalizes it, computeshashValue(), and confirms it equalsreceipt.output_hash. That is the data-binding check: it ties the signature to the observed data itself. Observations recorded before Connor began archiving the signed payload show binding n/a — their signatures are still valid; the optional check simply cannot be run on them. - The page also fetches Connor's published key registry at /.well-known/connor-keys.json and grades every signing key's lifecycle: current keys verify, rotated keys verify for receipts inside their validity window (marked "key since rotated"), and compromised, revoked, or unregistered keys FAIL even when the signature math passes. If the registry is unreachable the result is reported as signature-only.
- Want to verify with your own tools? The SDK is at github.com/DRM3Labs/drm3-releases.