ELAI Signet · Compound Verifier

Verify a compound attestation bundle.

Drop the .bundle.json sidecar and the original file. We'll check every credential — biometric (cryptographic), chip-presence and magstripe-presence (witnesses) — with honest weight labeling per layer. Bundles record multiple independent credentials bound to one file. Open standards only. Everything runs in your browser.

Multi-credential Honest weights Ed25519 · RFC 8032 WebAuthn · FIDO2 SHA-256 · FIPS 180-4 No server

Step 1 Drop the .bundle.json (or .signet)

A compound attestation file produced by the bundler — usually named filename.bundle.json. Drop a single-layer .signet here too and we'll route to the standard verifier automatically.

Drop a .bundle.json or .signet file here
JSON · usually a few KB to ~50 KB

Step 2 Drop the original file (optional but recommended)

The file the bundle was made over. Without it we can still verify the cryptographic signatures and credential structure, but we cannot prove the bundle matches your actual file. Adding it activates file-hash integrity across every layer.

Drop the original file here, or click to choose
Any file type · stays in your browser

What a compound bundle is

A .bundle.json is an envelope that records multiple independent credentials, all bound to the same file via its SHA-256 hash. Each credential is labeled with its own evidentiary weight: cryptographic-signature for layers that mathematically prove identity (Ed25519 + WebAuthn), presence-only for physical-witness layers (chip insertions, magstripe swipes). The honest labeling matters: a verifier should treat each layer for what it actually proves, not what it sounds like.

What we check, per layer

Biometric (cryptographic). Same five-check stack as the standalone .signet verifier: schema, Ed25519 signature, canonical-payload hash, WebAuthn challenge binding, file-hash integrity. If this passes, a specific person with a specific public key authorized this exact file with a verified biometric event.

Chip-presence (presence-only witness). We confirm structure (reader, ATR, AID, SELECT response), surface any honest decline of INTERNAL AUTHENTICATE by consumer EMV cards (these are supposed to refuse), and check the binding spine where the bundler recorded it. We do not claim the chip cryptographically signed anything — consumer EMV cards refuse to. The label says so.

Magstripe-presence (presence-only witness). We confirm structure (masked PAN, expiry, service code), check the binding spine, and show what was captured. Magstripe data is trivially clonable; this is a witness layer only.

Cross-layer binding spine. The same file SHA-256 should appear in the top-level originalFile AND inside every credential's challenge or evidence binding. We compare them and fail loudly if any layer is bound to a different file.

What a passing result means

If the bundle passes: the cryptographic layer proves authorship; each presence-only layer raises the compound difficulty of spoofing the moment of signing. Compound spoofing requires obtaining every credential in someone's wallet, performing the biometric, AND executing chip + magstripe captures simultaneously. Any single layer is forgeable; the combination is materially harder.

What a passing result does NOT mean

A passing presence-only layer does not mean the chip or magstripe cryptographically signed your file. It means a specific card was physically present at the moment captured, recorded honestly. That's the trust model.

Verifying without our help

Every check above is reproducible offline with open libraries. Use Python cryptography (Ed25519), Node noble-ed25519, Rust ed25519-dalek, or OpenSSL. The canonical-JSON discipline is sorted-keys + minified UTF-8. This page is convenience; the math is what matters.