Verify a Receipt PUBLIC · NO LOGIN

Don't trust us — verify the receipt. Paste a DSSE/SZL receipt (JSON or a ?envelope= share link) or a receipt id. This page runs the checks against the published SZLHOLDINGS cosign public key and shows each result honestly. Nothing is fabricated.
A signature you can't check is just a claim.
Here you can check it yourself.

This is the "trust-us → verify-the-receipt" surface. Paste an SZL DSSE receipt below. The verifier: (1) checks the ECDSA-P256 signature against our public cosign key, (2) re-hashes the payload and compares it to the digest the payload declares about itself (not the chain id), and (3) walks the hash-chain to genesis if the receipt is in this process's ledger. Each check is labelled VERIFIED / MISMATCH / UNSIGNED-LOCAL / UNAVAILABLE.

Result
raw verifier response

    
How to read the honest labels

VERIFIED the check ran and passed.   MISMATCH the check ran and FAILED (bad signature, tampered payload, or broken chain).   UNSIGNED-LOCAL the envelope carries no signature — nothing to verify (never faked).   UNAVAILABLE the check could not be RUN here (no runtime key, or the receipt isn't in this process's in-memory ledger).

Λ = Conjecture 1 (never a theorem). This verifier adds nothing to the locked-8 (749/14/163 @ kernel c7c0ba17). Trust ceiling is never 100%. The signature is checked against the public key at szl-holdings/.github/cosign.pub, byte-compatible with cosign verify-blob. In-memory Khipu chains reset on a Space restart, so a hash-chain check can honestly read UNAVAILABLE for an older receipt id.
🌐Spaces