Step 1 Drop the .bundle.json (or .signet)
A compound attestation file produced by the bundler — usually named
filename.bundle.json. Drop a single-layer .signet here too
and we'll route to the standard verifier automatically.
.bundle.json or .signet file hereStep 2 Drop the original file (optional but recommended)
The file the bundle was made over. Without it we can still verify the cryptographic signatures and credential structure, but we cannot prove the bundle matches your actual file. Adding it activates file-hash integrity across every layer.
What a compound bundle is
A .bundle.json is an envelope that records multiple independent credentials, all bound to the same file via its SHA-256 hash. Each credential is labeled with its own evidentiary weight: cryptographic-signature for layers that mathematically prove identity (Ed25519 + WebAuthn), presence-only for physical-witness layers (chip insertions, magstripe swipes). The honest labeling matters: a verifier should treat each layer for what it actually proves, not what it sounds like.
What we check, per layer
Biometric (cryptographic). Same five-check stack as the standalone .signet verifier: schema, Ed25519 signature, canonical-payload hash, WebAuthn challenge binding, file-hash integrity. If this passes, a specific person with a specific public key authorized this exact file with a verified biometric event.
Chip-presence (presence-only witness). We confirm structure (reader, ATR, AID, SELECT response), surface any honest decline of INTERNAL AUTHENTICATE by consumer EMV cards (these are supposed to refuse), and check the binding spine where the bundler recorded it. We do not claim the chip cryptographically signed anything — consumer EMV cards refuse to. The label says so.
Magstripe-presence (presence-only witness). We confirm structure (masked PAN, expiry, service code), check the binding spine, and show what was captured. Magstripe data is trivially clonable; this is a witness layer only.
Cross-layer binding spine. The same file SHA-256 should appear in the top-level originalFile AND inside every credential's challenge or evidence binding. We compare them and fail loudly if any layer is bound to a different file.
What a passing result means
If the bundle passes: the cryptographic layer proves authorship; each presence-only layer raises the compound difficulty of spoofing the moment of signing. Compound spoofing requires obtaining every credential in someone's wallet, performing the biometric, AND executing chip + magstripe captures simultaneously. Any single layer is forgeable; the combination is materially harder.
What a passing result does NOT mean
A passing presence-only layer does not mean the chip or magstripe cryptographically signed your file. It means a specific card was physically present at the moment captured, recorded honestly. That's the trust model.
Verifying without our help
Every check above is reproducible offline with open libraries. Use Python cryptography (Ed25519), Node noble-ed25519, Rust ed25519-dalek, or OpenSSL. The canonical-JSON discipline is sorted-keys + minified UTF-8. This page is convenience; the math is what matters.