Verify utilityOffline pathAir-gapped

Verify the air‑gapped verifier kit offline.

Offline verification for the published kit ZIP, DSSE envelope, signed keyring, and trust anchors. No uploads. No network calls. Deterministic PASS / FAIL / HOLD.

Run in a secure context (https:// or localhost).

Download kit ZIP Download DSSE Download signed keyring Download trust anchors Download SHA256SUMS Download sample receipt Verify commitments

Expected: this verifier checks that the selected ZIP matches the DSSE signature (Ed25519) and the payload digest/size. Unsupported crypto or missing inputs yields HOLD.

Inputs

Kit ZIP

DSSE signature (JSON)

Keyring snapshot (DSSE, JSON) — optional override

Supply‑chain mode (optional): verify that a release receipt matches the ZIP and that its blinded commitment is included in the public log. Optionally, verify the append‑only headchain (log‑of‑heads) so log updates are also auditable. Missing evidence yields HOLD (fail‑closed).

Require public commitment log verification
Recommended for procurement/audit: Receipt DSSE + commitment log JSON + signed head DSSE.

Require headchain verification (log‑of‑heads)
Adds append‑only update tracking for the signed commitment log head.

Release receipt (DSSE, JSON) — includes nonce

Commitment log (JSON)

Signed log head (DSSE, JSON)

Headchain log (JSON)

Signed headchain head (DSSE, JSON)

Export attachment bundle —

Signed keyring DSSEv1 PAE SHA‑256 Head‑of‑heads

Details

Computed SHA‑256
—

Computed bytes
—

Approval ID
—

Approval short code
—

Suggested attachment names

—

DSSE keyid
—

Key status
—

Keyring
—

Keyring root
—

Keyring snapshot hash
—

Payload schema
—

Payload sha256
—

Payload bytes
—

Computed commitment
—

Receipt commitment
—

Commitment log
—

Log head entry
—

Headchain
—

Procurement‑grade boundary language

Verification output is informational and non‑binding unless incorporated into a fully executed agreement. Public materials do not grant any patent license. This verifier is not a compliance certification.