AttestLayer Verify
Client-side verification of verification-kit integrity. No server upload.
This page verifies kits issued by AttestLayer. It does not certify controls or issue audit opinions.
If you received a kit.zip from a vendor or partner, upload it here to confirm it was issued by AttestLayer and has not been modified.
What this checks
- Signature validity
- Receipt integrity
- Manifest hash match
- Registry inclusion / checkpoint link
What a PASS means
- The kit was issued by AttestLayer infrastructure
- The manifest, receipt, and signature are internally consistent
- The receipt signature can be verified against the published issuer JWKS
- The receipt is anchored to the public checkpoint log
What a PASS does not mean
- ✗ It does not certify controls, assess risk, or opine on compliance
- ✗ It does not confirm anything about the submitter's security posture
- ✗ It does not replace an audit, legal opinion, or certification
- ✗ It does not guarantee the accuracy of the submitted evidence
Select a kit.zip. Verification runs entirely in your browser. Limit: 25 MB.
Drop kit.zip here
or click to browse
Provenance
Open a verification page by slug.
How to verify in under a minute
No account, no login, no API key. Works in any browser.
- Receive a kit.zip from the person who ran the attestation.
- Open verify.attestlayer.com (this page).
- Drag the kit.zip onto the upload area above.
- The verifier checks the manifest, receipt, and signature locally in your browser.
- See PASS or FAIL with a detailed step breakdown.
Nothing leaves your browser. The verification runs entirely client-side.
Next steps
Verify a kit, inspect the public registry, or evaluate the full issuance workflow.