How does verification work?
Every Basirah evidence package ships with a SHA-256 manifest and an ed25519 signature. Drop one below: your browser re-derives every hash and checks the signature, and nothing is uploaded.
Drop a package here to check it
or click to choose the .zip. It's checked locally in your browser. Nothing is sent anywhere.
Tampering with any file changes its SHA-256, which breaks the signed manifest. That's what makes the package tamper-evident: a changed byte fails this check.