Circlworld
Single-record verifier

Public verifier · Records bundle

Verify a Circlworld Records Bundle

Paste the JSON of a Circle Records Bundle below — or upload the file. This page recomputes the canonical hash in your browser and asks Circlworld's verifier whether the signature binds to a published key. The bundle never leaves your machine; only its hash is checked.

What this verifies

  1. Canonical hash match. Your browser recomputes a SHA-256 hash of the bundle JSON using the same canonical-key-sorted encoding the signer used. If the bundle has been edited after signing — a row added, an amount changed, an audit entry removed — the recomputed hash will not match the manifest hash.
  2. Signature binding. The manifest hash is sent to Circlworld's verifier endpoint, which checks the signature against the published key registry. If the key is valid and the signature was produced by Circlworld's KMS, the bundle's claimed origin is confirmed.
  3. What this does NOT verify. Whether the underlying data is true — only whether the bundle has been altered since Circlworld signed it. A signed bundle proves "Circlworld attested to this snapshot at this time", not "the Members in the snapshot acted honourably". Treat it as a tamper- evident container, not a guarantee of conduct.

The list of currently-published Circlworld signing keys is at /verify/keys. Cross-check the manifest's key fingerprint against that list to confirm the signature came from a key Circlworld publicly owns.