EXIFer Pro Evidence Verification

Verify hashes, manifests, and signatures for EXIFer evidence bundles in your browser.

Media / artifact

Manifest (.json or .sha256)

JSON recommended: { "hashes": { "file.ext": "sha256hex" }, "tsaHash": "optional_sha256_token" }

Signature (.sig)

Detached signature over the manifest (raw ECDSA/Ed25519 preferred; CMS/P7S not parsed here).

TSA token (.tsr, optional)

If present, its SHA-256 should match the manifest's tsaHash field.

Public key (PEM) or leave blank to fetch ours

Default: fetch public-key.pem from this site. Replace with your official EXIFer signing key.

Expected hash (optional)

Idle

Computed: -

Expected: -

Server Receipt & QR

Send the verified hash to the server to get a timestamped receipt, permanent link, and QR.

Filename (optional)

Idle

Transparency log: View log

How to Verify

Compute SHA-256 of the media file and compare to the manifest hash.
Load the manifest and signature to confirm authenticity with the hosted public key.
Use an optional TSA file so you can verify a timestamp-token hash as well.

Why this matters

Matching hashes prove the media hasn't changed since the capture, and a verified signature proves the manifest came from EXIFer Pro. TSA receipts add tamper evidence to the timestamping process.