szl-govsign-live

DSSE / in-toto attestation signing story of the SZLHOLDINGS/szl-govsign kernel · PAE + ECDSA P-256 signed and verified in YOUR browser via WebCrypto
initialising…
HONESTY: the keypair below is a DEMO keypair generated locally in your browser at this page-load. It is NOT an SZL production signing key, and the envelope it signs is NOT an official SZL attestation. What IS real: the kernel source fetched live below (REPORTED, keyless), the PAE spec test vector, and every hash/signature operation executed here (MEASURED-in-your-browser). If any fetch or crypto step fails, this page says UNAVAILABLE — it fabricates nothing.

1 · The kernel's PAE, cross-checked against the DSSE spec vector

The kernel's pae.py implements PAE(type, body) = "DSSEv1" SP LEN(type) SP type SP LEN(body) SP body. This page re-implements that encoding in JS and checks it against the canonical DSSE spec test vector (PAE("http://example.com/HelloWorld", "hello world")). checking…


  

2 · Live in-browser DSSE sign & verify DEMO KEY

Subject digest = SHA-256 of the actually fetched pae.py bytes (computed here, now). The in-toto Statement v1 is PAE-encoded exactly as the kernel does, signed with the browser-generated ECDSA P-256 key, then verified.

DSSE envelope (generated here)

signature format: raw IEEE P1363 (r||s) as produced by WebCrypto · keyid demo-p256-inbrowser
demo public key (JWK, generated this page-load)

3 · The real kernel source REPORTED

Fetched keyless from huggingface.co/SZLHOLDINGS/szl-govsign (branch main) when you loaded this page — passed through verbatim.