N
NextGenRails™
Software Integrity Receipt Authority
Independent Verification
NEXTGENRAILS™ | PUBLIC RECEIPT VERIFICATION

Verify a signed receipt independently.

Paste a signed CBOM receipt JWS to validate signature integrity against the public verification key published by the NextGenRails verification authority. Advanced receipts can also be re-evaluated against current intelligence sources.

Start Verification

Public-key validation • receipt authenticity • optional time-aware re-evaluation

JWS Signature Verification RS256 Validation Public-Key Verification Time-Aware Re-check
No Private Key Exposure Independent Verification Public Verification Key Receipt Authenticity Check
Verification Scope

What This Page Confirms

Public Verification Path

This page confirms receipt authenticity, signature integrity, issuer linkage, and optional current-state re-evaluation without exposing private signing material.

Receipt Format
JWS / RS256
Verification Root
Public Key Endpoint
Authority Model
Independent
Re-check Scope
Advanced Receipts
Validation Summary
Receipt authenticity, signature integrity, issuer linkage, and optional current-state re-evaluation without exposing private signing material.
Verification Input

Verify CBOM Receipt

Awaiting Receipt

Paste a signed JWS receipt issued by the NextGenRails CBOM Verification Authority.

Optional Advanced Re-check
Verification Notes
A valid receipt should: - contain three JWS segments separated by periods - decode to a header with alg = RS256 - verify successfully against the public key endpoint - include a receipt payload issued by NextGenRails - include advanced component summary data if live re-check is requested
Authority Scope

Public Verification Model

Independent Check

This page validates signed receipts against the public verification key published by the NextGenRails CBOM Verification Authority. It verifies authenticity and integrity of the issued receipt payload. If enabled and authorized, it can also re-run current intelligence analysis against advanced receipt data without storing the original manifest.

What this page confirms

  • The receipt was signed by the corresponding private key.
  • The signed payload has not been altered.
  • The receipt structure is valid JWS for RS256 verification.
  • The receipt can be independently checked using the public key endpoint.
  • Advanced receipts can be re-evaluated against current intelligence sources through a stateless re-check path.
Public verification key endpoint: /.netlify/functions/public-key
Verification Boundary
This page verifies the issued receipt and its signature. It does not reconstruct the original manifest from the receipt alone.
Live Re-check Scope
Current risk re-evaluation is only available for advanced receipts and requires authorized access.