Transparency log
Verify an approval
Paste an approval id to check it against Cosignet's public transparency log. Everything runs in your browser against public data — we recompute the log leaf, verify the Merkle inclusion proof, verify the approver's passkey signature over the exact payload, and verify the signed tree head. Nothing here trusts Cosignet's word.
No id handy? Verify a live example approval →
How verification works
- Leaf hash — the published entry fields hash to the leaf in the log.
- Inclusion proof — the leaf is committed under the published Merkle root.
- Passkey signature — the WebAuthn assertion was signed by the approver's device, and its challenge binds the exact payload hash.
- Signed tree head — the root is signed (Ed25519) by the log key. The tree head is also anchored into Bitcoin via OpenTimestamps — a trust-minimized anchor that doesn't depend on trusting Cosignet.
- Public reveal (only for opted-in approvals) — if the approval was published with public reveal, the bundle also carries the raw action and payload (checked here against the signed payload hash) and a PBKDF2 hash of the approver's verified email. You can type a candidate email to confirm it matches. Note that an email address is low-entropy, so this proves a known address rather than anonymity, and it is attested by our signed tree head, not by the passkey.
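The leaf-hash and inclusion-proof steps above, as an added example that is not Cosignet's own code. It assumes RFC 6962-style SHA-256 hashing (0x00 leaf prefix, 0x01 node prefix) and treats an entry as opaque bytes; the log's real entry encoding is not given on this page, and all function names and sample entries here are constructed for illustration.

```javascript
// Added example: RFC 6962-style hashing is an assumption, not a documented Cosignet format.
const { createHash, timingSafeEqual } = require("node:crypto");
const sha256 = (...parts) => createHash("sha256").update(Buffer.concat(parts)).digest();
const leafHash = (entry) => sha256(Buffer.from([0x00]), entry);    // domain-separated leaf
const nodeHash = (l, r) => sha256(Buffer.from([0x01]), l, r);      // domain-separated node

// Walk the audit path from leaf to root (RFC 9162, 2.1.3.2); bit shifts limit this to trees < 2^31.
function verifyInclusion(leaf, index, treeSize, proof, root) {
  if (!Number.isInteger(index) || index < 0 || index >= treeSize) return false;
  let fn = index, sn = treeSize - 1, r = leaf;
  for (const p of proof) {
    if (sn === 0) return false;                  // more proof elements than tree levels
    if (fn % 2 === 1 || fn === sn) {
      r = nodeHash(p, r);                        // sibling is on the left
      while (fn % 2 === 0 && fn !== 0) { fn >>= 1; sn >>= 1; }
    } else {
      r = nodeHash(r, p);                        // sibling is on the right
    }
    fn >>= 1; sn >>= 1;
  }
  return sn === 0 && r.length === root.length && timingSafeEqual(r, root);
}

// Helpers used only to build the constructed sample log below.
const split = (n) => { let k = 1; while (k * 2 < n) k *= 2; return k; };
function merkleRoot(leaves) {
  if (leaves.length === 1) return leaves[0];
  const k = split(leaves.length);
  return nodeHash(merkleRoot(leaves.slice(0, k)), merkleRoot(leaves.slice(k)));
}
function proofFor(m, leaves) {
  if (leaves.length === 1) return [];
  const k = split(leaves.length);
  return m < k
    ? [...proofFor(m, leaves.slice(0, k)), merkleRoot(leaves.slice(k))]
    : [...proofFor(m - k, leaves.slice(k)), merkleRoot(leaves.slice(0, k))];
}

function demo() {
  // Constructed entries; a real entry would be the log's published fields.
  const entries = [0, 1, 2, 3, 4].map((i) => Buffer.from(`constructed-approval-${i}`));
  const leaves = entries.map(leafHash);
  const root = merkleRoot(leaves), proof = proofFor(4, leaves);
  return {
    genuine: verifyInclusion(leafHash(entries[4]), 4, 5, proof, root),
    editedEntry: verifyInclusion(leafHash(Buffer.from("constructed-approval-4!")), 4, 5, proof, root),
    wrongIndex: verifyInclusion(leaves[4], 3, 5, proof, root),
  };
}
console.log(demo());
```

The check only means something when `root` and `treeSize` come from a tree head whose signature has been verified separately; a root taken from the same unauthenticated response as the proof proves nothing.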
Prefer the command line? Reference verifiers (Node + Python) and the API are documented in the SDK repo; this page calls /public/log/entries/<id>/verification.