HOW TO VERIFY

You don't need to trust Primust. Choose how you want to verify.

You don't need this website. pip install primust-verify — works offline, forever.

PATH 0Embed in your codeRECOMMENDED FOR B2B

from primust_verify import verify
result = verify(vpec_json)
result = verify(vpec_json, trust_root_pem=KEY_PEM)

Zero network calls. Works offline. Apache-2.0. pip install primust-verify

PATH 1CLI verificationRECOMMENDED FOR AUDITORS

primust verify vpec.json
primust verify vpec.json --trust-root key.pem
primust pack verify pack.json

Exit codes: 0=valid, 1=invalid, 2=system error (file/parse/verifier unavailable)

PATH 2Browser verification (this site)

Paste a VPEC ID or upload vpec.json on the home page. Hosted convenience — the math runs server-side. For trust-minimized verification, use Path 0 or 1.

PATH 3Offline HTML verification

Evidence Packs include verify.html — a self-contained verifier that runs entirely in your browser with zero network calls. Open the file. Done.

WHAT EACH PATH PROVES

All paths verify the same things

●Ed25519 signature is valid

●Commitment root matches check records

●Timestamps are RFC 3161 bound

●No records were added or removed after signing

Path 0 and 1 additionally

●Can pin a specific public key (zero trust in Primust infrastructure)

●Work offline indefinitely

●Are Apache-2.0 open source — inspect the code yourself

Path 2 (this site)

●Fetches the public key from Primust's JWKS endpoint

●Convenient but requires trusting this server for key resolution

●For audit purposes, always confirm with Path 0 or 1

# Install once. Verify forever.
pip install primust-verify
# Verify a VPEC
primust verify vpec.json
# Verify with your own trust root (zero network calls)
primust verify vpec.json --trust-root key.pem
# Verify an Evidence Pack
primust pack verify evidence-pack.json

Apache-2.0 licensed. No account needed. No network calls with --trust-root.

← Back to verifier