Puddingify Seal Logo
Register
Free Trial - Ends 2026/06/01

Puddingify Verification Tools

🔐 Create Identity Proof

Generate a cryptographically signed statement proving you control the private key bound to your alias and email — sealed with a Sectigo RFC 3161 timestamp.

Complete Workflow:

  1. Your alias and email are auto-populated from your Puddingify account — these are cryptographically bound to your private key at registration
  2. Add any Additional Claims (optional) — such as your website, social handles, or professional role
  3. Click Generate Message to Sign — this creates a timestamped plain-text statement asserting your control of the private key bound to your identity
  4. Review the generated statement, then upload your Puddingify private key — the tool verifies the key matches your account before signing
  5. Click Sign Message — or paste an externally generated Base64 signature if you signed using OpenSSL or GPG
  6. Your public key is auto-populated from your key file — or upload it separately
  7. Click Generate Identity Proof — your proof is cryptographically sealed with a Sectigo RFC 3161 timestamp
  8. Download your JSON proof file and raw message .txt — share the JSON with anyone who needs to verify your identity
🔐 About your Puddingify key binding: Your private key file is not just a cryptographic tool — it is a verifiably authentic identity document. Your alias, email, creation timestamp, and public key are combined into a unique SHA-256 binding hash at the moment of registration. This hash is digitally signed by your private key and stored on Puddingify's servers. Any attempt to tamper with the metadata or swap keys would produce a different hash — and the forgery would be instantly detected.

⚠️ Important: Anyone who gains access to your private key file could sign statements as you. Keep your private key secure and never share it. If you believe your key has been compromised, contact Puddingify immediately to revoke it.
ℹ️ What gets signed? Clicking the Generate Message to Sign button button below generates a plain-text statement asserting that at this exact moment, you control the Puddingify private key bound to your alias and email. This is the exact text that will be cryptographically signed — anyone with your public key can verify it independently. Use Additional Claims below to add extra details such as your website, social handles, or any instructions for the recipient.

🕐 Sectigo RFC 3161 Timestamp — Once signed, your proof is automatically timestamped by Sectigo, one of the world's largest and most trusted Certificate Authorities, used by governments, law firms, and financial institutions globally. This timestamp is cryptographically sealed and independently verifiable by any RFC 3161 compliant tool — it cannot be backdated, altered, or disputed.
ℹ️ Signature auto-filled above? If the tool signed your message automatically, the field below will be filled for you. If you signed the message externally (e.g., via OpenSSL or GPG on the command line), paste your Base64 signature here instead.

Click to select your public key file (.pem)

📄 Document Signing

Sign PDF, DOCX, TXT, and other documents to prove authorship.

Complete Workflow:

  1. Select your document file and add a description (your alias and email are auto-populated from your account)
  2. Generate the document hash — this creates a unique fingerprint of your file
  3. Upload your private key to sign the message
  4. Add your public key for verification
  5. Generate the complete proof
This field is automatically populated from your logged-in Puddingify account
This field is automatically populated from your logged-in Puddingify account
ℹ️ Signature auto-filled above? If the tool signed your message automatically, the field below will be filled for you. If you signed the message externally (e.g., via OpenSSL or GPG on the command line), paste your Base64 signature here instead.

Click to select your public key file (.pem)

🔗 Sign a File Hash

Generate a SHA-256 hash of any file and sign it to prove you had access to that exact file at a specific time.

Complete Workflow:

  1. Enter a hash manually or upload a file to generate one
  2. Add a description and generate the message to sign
  3. Upload your private key to sign the message
  4. Add your public key for verification
  5. Generate the complete proof
ℹ️ Signature auto-filled above? If the tool signed your message automatically, the field below will be filled for you. If you signed the message externally (e.g., via OpenSSL or GPG on the command line), paste your Base64 signature here instead.

Click to select your public key file (.pem)

📋 Sign JSON Data

Sign any JSON data structure to prove you authored it and that it hasn't been altered since signing.

Complete Workflow:

  1. Enter or paste your JSON data and validate it
  2. Add a description and generate the message to sign
  3. Upload your private key to sign the message
  4. Add your public key for verification
  5. Generate the complete proof
ℹ️ Signature auto-filled above? If the tool signed your message automatically, the field below will be filled for you. If you signed the message externally (e.g., via OpenSSL or GPG on the command line), paste your Base64 signature here instead.

Click to select your public key file (.pem)

✅ Verify Signatures

Manually verify a raw digital signature — paste the original message, the signature, and the signer's public key to confirm it's authentic.

Verification Process:

  1. Paste the original message that was signed
  2. Paste the digital signature to verify
  3. Upload the signer's public key (.pem) file
  4. Click "Verify Signature" to confirm validity

📄 Click to select message .txt file — or type/paste below

📄 Click to select signature file — or paste Base64 below

📄 Click to select public key .pem file

🔍 Verify Identity Proof

Verify someone's digital identity proof — upload their JSON file or paste the contents below.

Verification Process:

  1. Upload the JSON proof file or paste the contents below
  2. Click "Verify Proof" to check the digital signature
  3. See instant ✅ VALID or ❌ INVALID result
  4. Review the verified identity claims

🔒 Why This Proves Identity

The JSON proof contains three things locked together cryptographically:

  • The claims — the alias and email the person is asserting ownership of
  • A digital signature — generated using a private key only they possess
  • Their public key — which this tool uses to confirm the signature is genuine

If the result is ✅ VALID, it means: the signature on these exact claims was produced by whoever holds that private key — and the claims have not been altered since signing. No one can fake or modify this proof without the original private key.

📄 Click to select JSON proof file — or drag and drop here

📄 Verify Document Proof

Verify a document signature proof — upload the JSON file or paste its contents to confirm the document is authentic and unaltered.

Verification Process:

  1. Upload the JSON document proof file or paste its contents directly in the text area below
  2. Click "Verify Document Proof" to check the digital signature
  3. See instant ✅ VALID or ❌ INVALID result
  4. Review the verified document claims

📄 Click to select JSON proof file — or drag & drop here

🕐 Verify RFC 3161 Timestamp

Verify that a portfolio or copyright infringement notice was cryptographically timestamped by a trusted third party.

Verification Process:

  1. Paste the portfolio metadata JSON, or copyright infringement notice JSON, below
  2. Click "Verify Timestamp" to check RFC 3161 proof
  3. See instant ✅ VALID or ❌ INVALID result
  4. Confirm the timestamp cannot be backdated

What gets verified:

  • TSR Token is cryptographically valid (signed by Sectigo/RFC3161.ai.moda)
  • Merkle Root hash matches the timestamped hash
  • Timestamp is from a trusted third party (Sectigo)
  • Timestamp is legally binding proof of existence

📄 Click to select JSON file — portfolio metadata, identity proof, or copyright notice

🧾 Verify Manifest & Signature

Check whether a portfolio collection's manifest.json and its digital signature are authentic — enter the Collection ID and the creator's public key.

Verification Workflow:

  1. Enter the Collection ID to verify
  2. Upload the corresponding Public Key (.pem) file
  3. Click Verify Manifest & Signature to start
  4. View the verification result instantly ✅ or ❌
Your Collection ID can be found in your portfolio dashboard under the collection's settings or detail page.

Click to select your public key file (.pem)

🎓 Certificate Package Verification

Upload and automatically verify a complete certificate package (ZIP file). This will check all cryptographic proofs, signatures, and manifests.

Automated Verification Workflow:

  1. Upload the Certificate Package ZIP file
  2. System automatically extracts all files
  3. Verifies all cryptographic components:
    • ✓ Certificate authenticity
    • ✓ File content hashes
    • ✓ Filename manifest integrity
    • ✓ Merkle root calculation
    • ✓ Digital signature validity
    • ✓ RFC 3161 timestamp (if present)
  4. View comprehensive verification report

📦 Click to select Certificate Package ZIP file