- Status: public verification kit for
craton.receipt.protocol.v1 - Runtime: no network calls, no package install, no Craton account required
- Use case: retained receipt + pinned JWKS bundle -> independent local verification
Craton receipts are designed to remain independently verifiable even if the Craton runtime is unavailable. This kit verifies a stored receipt locally with a pinned public key bundle. It does not call Craton, does not require a network connection, and does not send receipt data anywhere.
The verifier implements craton.receipt.protocol.v1 only. It verifies the Ed25519 signature over the exact decoded receipt.payload_b64 bytes before it parses or displays the signed payload.
verify.html- offline browser verifier with no external dependencies.verify.py- command-line verifier using only the Python standard library.examples/sample_receipt.json- a signed test receipt for this kit.keys/public_key.jwks.json- the public key bundle that verifies the sample receipt.
The included sample receipt and key are test fixtures. For production receipts, replace keys/public_key.jwks.json with the pinned public key bundle from:
https://cratonlayer.com/protocol/v1/jwks.json
Retain the receipt and the JWKS bundle together for audit records. Do not fetch a fresh JWKS later and treat it as proof of what was pinned when the receipt was created.
- Open
verify.htmlfrom this folder. It can be opened directly from disk. - Paste a receipt JSON object into the receipt field. You may paste either the receipt itself,
{ "receipt": ... }, or a full boundary response that containsreceipt. - Paste the public JWKS key bundle you retained with the receipt.
- Select Verify receipt.
The page verifies the Ed25519 signature over the decoded receipt.payload_b64 bytes. Only after the signature is valid does it parse and display the signed payload.
Verify the bundled sample:
python verify.py examples/sample_receipt.json --jwks keys/public_key.jwks.jsonVerify a production receipt with a pinned production key bundle:
python verify.py path/to/receipt.json --jwks path/to/pinned-public-key.jwks.jsonOn success, the script prints a JSON report with verified: true, the selected kid, a SHA-256 hash of the signed payload bytes, and the decoded signed payload. On failure, it exits non-zero and prints verified: false with a reason.
- The sample receipt and bundled key are fixtures for testing this kit. They are not production keys.
- Production verification depends on a receipt plus the exact public JWKS bundle retained for that audit record.
- The verifier rejects unsupported signature algorithms, non-canonical Ed25519 point encodings, small-order Ed25519 points, and payloads that are not
craton.receipt.protocol.v1. - Signature verification is performed before payload parsing. Do not reserialize the payload JSON and verify a transformed representation.
- This repository intentionally contains no production private keys, API keys, customer data, runtime configuration, or Craton server code.
This repository is intentionally narrow. It contains only the standalone offline verifier, a sample receipt fixture, and a sample public key fixture. It does not contain the Craton runtime, production signing keys, customer configuration, billing logic, or deployment configuration.
The verification logic follows craton.receipt.protocol.v1:
- Extract
receipt.payload_b64,receipt.signature, andreceipt.kid. - Select the public key in the JWKS whose
kidmatches the receipt. - Decode
receipt.payload_b64to bytes. - Decode
receipt.signatureand the selected Ed25519 public key. - Verify the signature over the decoded payload bytes exactly.
- Do not reserialize JSON before verifying.
- Parse the signed payload only after the signature is valid.
This is the basis for no-callback verification: a retained receipt plus a pinned public key bundle can be checked offline by auditors, counsel, engineers, or other authorized third parties.