OpenChainGraph Suite · ART-124 · wave 23

Content Credential Signature Verifier

Verify the COSE_Sign1 claim signature against a caller-supplied signer public key (JWK) using crypto.subtle.verify. Algorithm allowlist: Ed25519, ES256, ES384, PS256. Trust-anchor membership, cert validity window, and revocation status are caller-supplied policy inputs — zero network, no OCSP/CRL fetched. Emits ACCEPT or REFUSE verdict.

C2PA 2.xCOSE_Sign1Ed25519/ES256W3C VC §13.11Zero PIIZero network

🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.

Scope

Cryptographically verifies a C2PA Content Credential claim signature in-browser using WebCrypto. The caller supplies the signer public key (JWK), the signed bytes, the signature, and the trust posture. Zero network — trust-list and revocation lookups are policy inputs, never fetched.

Presets

Inputs

Algorithm allowlist

Revocation Status policy input

Trust Anchor Match policy input

Cert Not Expired policy input

Signer Public Key (JWK) JSON object

Signed Bytes (base64) COSE payload

Signature (base64) COSE_Sign1 signature bytes

Result

Execution Hash & §4 Artifact

SHA-256 execution hash (JCS canonical — RFC 8785):

Chain Handoff → art-125

Signature verdict (ACCEPT/REFUSE) + execution_hash feeds art-125 Provenance Ingredient Tree Resolver as parent_hashes.