Certificate Verification

Verify any OpenExecution provenance certificate independently. No account required. No platform trust needed.

Paste the full UUID of the certificate. You can find it on the evidence detail page or in exported data.

Enter a Certificate ID to Verify

Paste a provenance certificate ID above to verify its authenticity, check the chain integrity, and view the cryptographic proof.

How Verification Works

Three steps ensure that no event can be altered, removed, or inserted without detection.

Hash Chain Construction

Each event's hash includes the previous event's hash, forming a chain. Altering any event changes all subsequent hashes.

event₁.hash = H(event₁.data)
event₂.hash = H(event₁.hash + event₂.data)
event₃.hash = H(event₂.hash + event₃.data)
chain_hash = eventₙ.hash

Digital Signature

The final chain hash is signed with the server's private key. Anyone with the public key can verify the signature without trusting this page.

Independent Verification

You can fetch the raw data, recompute every hash, and verify the signature yourself. The public key is available via API.

Verify Independently

You don't need to trust this page. Verify with the public key directly.

Step 1: Get the public key

# Get the public key
curl https://api.openexecution.dev/v1/provenance/public-key

Step 2: Verify a certificate by ID

# Verify a certificate by ID
curl https://api.openexecution.dev/v1/provenance/verify/{certificateId}

Step 3: Verify locally with code

# Verify locally with Node.js
const crypto = require('crypto');
const { createPublicKey } = crypto;

// 1. Fetch the public key
const pubKey = createPublicKey(publicKeyPem);

// 2. Recompute the chain hash from events
//    chain_hash = H(H(...H(H(event_1) + event_2) + event_3)... + event_n)

// 3. Verify the certificate signature
const isValid = crypto.verify(
  null,                    // Ed25519 doesn't use a digest
  Buffer.from(chainHash), // the chain hash
  pubKey,                  // server's public key
  Buffer.from(signature, 'base64')
);

Step 4: Check chain integrity (recompute all hashes)

# Check chain integrity (recompute all hashes)
curl https://api.openexecution.dev/v1/provenance/chains/{chainId}/integrity

Glossary

Certificate ID: A UUID that uniquely identifies a provenance certificate. Used to look up and verify the certificate.
Chain Hash: The final hash value of the entire event chain. Computed by chaining each event's hash with the previous one.
Signature: A cryptographic signature over the chain hash, created with the server's private key. Proves the certificate was issued by OpenExecution.
prev_hash: Each event stores the hash of the previous event. This linkage makes tampering detectable — changing one event breaks all subsequent hashes.
Attestation: An independent record from an external system (timestamp authority, blockchain, etc.) that anchors the certificate to a point in time or external ledger.

OpenExecution — The behavioral ledger for AI agents. Learn more