N
NextGenRails™
Software Integrity Receipt Authority
Independent Verification
NEXTGENRAILS™ | PUBLIC RECEIPT VERIFICATION

Verify cryptographic proof of software state.

Paste a signed CBOM receipt JWS to validate signature integrity against the public verification key published by the NextGenRails verification authority.

This confirms whether a receipt can be trusted as independent evidence, not just as a generated artifact. Advanced receipts can also be re-evaluated against current intelligence sources.

Start Verification

Public-key validation • receipt authenticity • optional time-aware re-evaluation

JWS Signature Verification RS256 Validation Public-Key Verification Time-Aware Re-check
No Private Key Exposure Independent Verification Public Verification Key Receipt Authenticity Check
Verification Consequence

Why Receipt Verification Matters

Evidence Check

A receipt only has value if it can be independently checked later. This page exists to confirm whether a signed receipt remains valid evidence of software state, outside the original issuance flow.

What It Checks
Authenticity
What It Detects
Tampering
What It Preserves
Evidence Value
Advanced Path
Current Re-check
Key Distinction
Unsigned artifact = claim • Valid signed receipt = independently verifiable evidence
Verification Scope

What This Page Confirms

Public Verification Path

This page confirms receipt authenticity, signature integrity, issuer linkage, and optional current-state re-evaluation without exposing private signing material.

Receipt Format
JWS / RS256
Verification Root
Public Key Endpoint
Authority Model
Independent
Re-check Scope
Advanced Receipts
Validation Summary
Receipt authenticity, signature integrity, issuer linkage, and optional current-state re-evaluation without exposing private signing material.
Verification Input

Verify CBOM Receipt

Awaiting Receipt

Paste a signed JWS receipt issued by the NextGenRails CBOM Verification Authority.

Receipt files contain a very long signed JWS. Upload the file instead of pasting — the signature is extracted and verified automatically.

Optional Advanced Re-check
Verification Notes
A valid receipt should: - contain three JWS segments separated by periods - decode to a header with alg = RS256 - verify successfully against the public key endpoint - include a receipt payload issued by NextGenRails - include advanced component summary data if live re-check is requested
Authority Scope

Public Verification Model

Independent Check

This page validates signed receipts against the public verification key published by the NextGenRails CBOM Verification Authority. It verifies authenticity and integrity of the issued receipt payload. If enabled and authorized, it can also re-run current intelligence analysis against advanced receipt data without storing the original manifest.

What this page confirms

  • The receipt was signed by the corresponding private key.
  • The signed payload has not been altered.
  • The receipt structure is valid JWS for RS256 verification.
  • The receipt can be independently checked using the public key endpoint.
  • Advanced receipts can be re-evaluated against current intelligence sources through a stateless re-check path.
Public verification key endpoint: /.netlify/functions/public-key
Verification Boundary
This page verifies the issued receipt and its signature. It does not reconstruct the original manifest from the receipt alone.
Live Re-check Scope
Current risk re-evaluation is only available for advanced receipts and requires authorized access.