Verify a signed artifact

Paste a Testrim signed run artifact below. We verify the Ed25519 signature in your browser using the Web Crypto API. No data leaves your machine.

Why this proves something

Every signed artifact embeds an Ed25519 public key + a signature over a canonical-JSON serialization of the metadata. If verification passes, the contents have not been altered since the runner signed them. The signing private key never leaves the runner host — not even Testrim's servers ever hold it. An auditor (or you) holds the expected public key out-of-band; mismatch with the embedded key is itself a tamper signal.

Algorithm: ed25519-sha256-canonical-json-v1

Artifact JSON

The sample is a real artifact from our hourly production monitor of testrim.com itself.

Prefer the command line? The same algorithm runs in scripts/verify-artifact.py in the runner tarball (installed by ~/.testrim/runner/). Both yield identical pass/fail.