Public verification

Verify an evidence bundle.

Paste a signed bundle JSON from /api/evidence/[date] below. The verifier checks (1) the HMAC signature against our key, and (2) the SHA-256 hash chain through the included pings.

How verification works

The signature uses HMAC-SHA256 over JSON(body) + "|" + signed_at. The hash chain verifies each ping's stored hash field equals sha256(prev_hash + ts + lat + lon + accuracy + battery + device_id). If any ping was modified, the chain breaks at that point.

Anyone can recompute the chain from the published ping data. Only Wovenmap can verify the HMAC signature (the key isn't public). For court use, request an expert-witness affidavit.