open-opticon — verify a bundle in your browser

Bound-output bundle (JSON)

Expected nonce (hex)

Last counter (anti-replay)

Advanced: endorsement pin & stream chain

Pin pub X (hex, optional)

Pin pub Y (hex, optional)

Expect prev_digest (hex, optional — stream gap detection)

The sample is a real bundle produced by the host signer (he-attest-sim) over a 3.1 kHz alarm clip, signed with the published P-256 test key — the same key and algorithm the QEMU TA uses. The verifier auto-detects the envelope: try the raw bound-output bundle or the standards-aligned COSE_Sign1 (RFC 9052) one — same key, same verdict. "Tamper a byte" flips one signed byte so you can watch the signature gate reject it.

What this proves. A PASS means the verdict was signed by the held key over exactly these bytes, echoes your nonce, and advances the counter — so it isn't forged, replayed, or altered by the untrusted host. It says nothing about the raw audio: that the audio never leaves the enclave is a firmware-attestation property, not something this signature alone proves (see the answers above, where such claims are marked "not proven by this check").

Equivocation proof (JSON — from a witness's /equivocation-proof)

Pinned witness A pub X (hex)

Pinned witness A pub Y (hex)

Pinned witness B pub X (hex)

Pinned witness B pub Y (hex)

A transferable equivocation proof is two checkpoints a log signed at the same size with different roots, each cosigned by an independent witness. A PASS here means — verified entirely in this tab, under the two keys you pin — the log equivocated. You must independently trust those two witness keys; the keys embedded in the proof are never trusted. Get a proof from he-witness's /equivocation-proof endpoint.