The open verifier

The part of Sigilbase that works without Sigilbase.

Every claim this product makes comes down to one file: a standalone, open-source verifier that checks an evidence bundle with no network, no account, and no code from us. It ships inside every bundle, so whoever holds the evidence holds the means to check it. This page is what "open verifier" on the homepage actually means.

What it proves
Integrity

No event in the exported range differs by one byte from what was sealed. Every fingerprint is recomputed from the raw data in the bundle, not read from a summary.

Completeness of the range

Within the exported range nothing was removed, inserted or reordered. Sequence numbers are dense, the chain closes, and every sealed range rebuilds to the root that was signed.

Continuity and authenticity

Checkpoints chain to each other, so a sealed period cannot be quietly dropped, and every seal carries a valid Ed25519 signature from a listed public key.

the auditor's three commands
$ unzip evidence-bundle.zip
  manifest.json  events/  checkpoints/  verify.php

$ php verify.php ./evidence-bundle
  hash chain ......... ok
  merkle roots ....... ok
  signatures ......... ok
  PASS: every check held

$ curl https://sigilbase.io/api/v1/keys
  # compare against manifest.json: anchors the bundle
  # to our identity, not merely to itself
Why you can trust it

Independence is the point.

Deliberately self-contained

The verifier is a single PHP file with no dependencies: no package manager, no autoloading, no imports from the Sigilbase application. It intentionally reimplements every calculation rather than sharing code with the system it checks. It runs anywhere PHP 8.1 or newer runs.

Open source, and replaceable

The source is short enough to read in a sitting, and the bundle format specification is published so your own specialists, or any third party, can write an independent verifier from scratch. If ours had a convenient bug, a reimplementation would catch it.

It ships in the bundle

Every evidence bundle carries its own copy of the verifier, the public signing keys, and every proof it needs. An auditor with the file has everything; Sigilbase being unreachable, or gone, changes nothing.

Honest scope

What a PASS does not mean.

Tamper-evidence starts at ingestion, not before. What the verifier proves, it proves absolutely; these four things sit outside it, and we say so plainly.

01

It does not prove events were true when written. A false statement is sealed just as faithfully as a true one.

02

It does not prove the exported range is the whole story, only that the range in the bundle is intact.

03

It does not cover the minutes between an event arriving and its checkpoint being sealed. The seal's timestamp shows when rigidity began.

04

It does not identify people. The actor field is whatever the writing system claimed it was.

The full statement of guarantees and limits, written for auditors, is at how verification works.

Join the waitlist

Building now. Early access for teams whose evidence must stand on its own.

No spam, one email when it opens.

Privacy

This site runs no analytics and no trackers.

It collects one thing: an email address, if you choose to join the waitlist. That address is used to send one announcement when access opens, and nothing else.

To protect the waitlist form from automated abuse we use Cloudflare Turnstile, a privacy-preserving challenge from our hosting provider; it may set a temporary cookie for that purpose and is not used to track or profile you.

To have your email removed, contact hello@sigilbase.io.

Read the full privacy policy

Last updated July 2026