BROWSER-SIDE VERIFICATION
No account required. Verification runs client-side. Public CLI verifier planned for stronger independent verification.
Cryptographic integrity verified locally in your browser using the Web Crypto API.
WHAT IS BEING VERIFIED
Every verification runs locally using the Web Crypto API. Once the proof bundle is exported, neither SEALISON nor Immutal servers are required for verification. A public CLI verifier is planned for stronger independent verification.
1. Field consistency
The root-level fields of the export (payload hash, entry ID, timeline ID, sequence number) must exactly match the values inside the cryptographic bundle. This prevents tampering of metadata that is not itself covered by the signature.
2. Leaf reconstruction
The leaf hash is recomputed from the raw entry fields using SHA-256 with a domain separator, and compared to the value in the bundle.
3. Merkle inclusion
The Merkle path is replayed to reconstruct the tree root, proving the entry is included in the signed log.
4. State composition
The state hash is recomposed from the Merkle root(s) of each timeline covered by the checkpoint.
5. Checkpoint integrity
The checkpoint hash is recomputed from the sequence, timestamp, state hash, and previous checkpoint hash.
6. Ed25519 signature
The signature is verified against the public key of the log (SPKI DER, base64). If this step passes, the checkpoint cannot have been forged without access to the log operator's private key.
Want to generate your own verifiable proofs?
▲ Try it yourself →