Verify a receipt.
Paste an OpenReceipt envelope. The verifier resolves the producer's JWKS, reconstructs the canonical JSON over signed_fields, and checks the ECDSA P-256 signature with WebCrypto. No account, no server round-trip beyond the JWKS fetch.
Input
paste base64 receipt or JSON envelopeResult
How verification works
The verifier accepts either the raw JSON envelope or the base64-encoded form returned in the X-CloakAPI-Receipt-v2 response header. It resolves the producer's JWKS (from {iss}/.well-known/openreceipt-pubkeys.jwks when iss is present, falling back to a published cache for the canonical CloakAPI gateway), looks up the key by kid when present, canonicalises the envelope per RFC 8785 (JCS) for v2 receipts or treats the OpenReceipt v1 sidecar payload directly, and verifies the ECDSA P-256 / SHA-256 signature using crypto.subtle.verify. The legacy ES512 / SHA-512 wire profile (cloakapi-gateway-v1) was retired in iter-16 and is no longer supported.
If verification fails, the result panel reports the exact failing step (JWKS fetch, kid lookup, signature length, or signature mismatch) so an auditor can reproduce the failure independently.