Browser verifier · entirely client-side

Verify a receipt.

Paste an OpenReceipt envelope. The verifier resolves the producer's JWKS, reconstructs the canonical JSON over signed_fields, and checks the ECDSA P-256 signature with WebCrypto. No account, no server round-trip beyond the JWKS fetch.

Input

paste base64 receipt or JSON envelope

Result

No receipt loaded. Paste an OpenReceipt envelope and press Verify receipt to see the per-check breakdown.

How verification works

The verifier accepts either the raw JSON envelope or the base64-encoded form returned in the X-CloakAPI-Receipt-v2 response header. It resolves the producer's JWKS (from {iss}/.well-known/openreceipt-pubkeys.jwks when iss is present, falling back to a published cache for the canonical CloakAPI gateway), looks up the key by kid when present, canonicalises the envelope per RFC 8785 (JCS) for v2 receipts or treats the OpenReceipt v1 sidecar payload directly, and verifies the ECDSA P-256 / SHA-256 signature using crypto.subtle.verify. The legacy ES512 / SHA-512 wire profile (cloakapi-gateway-v1) was retired in iter-16 and is no longer supported.

If verification fails, the result panel reports the exact failing step (JWKS fetch, kid lookup, signature length, or signature mismatch) so an auditor can reproduce the failure independently.