Verify a Codex Paper

Check that a Codex paper is genuinely from Nullproof Studio and hasn't been altered since it was signed. The verifier fetches the paper, its detached signature, and the signer's did:web document, then verifies the Ed25519 signature end to end — all in your browser.

What this page proves — and what it doesn't

When the check succeeds, it proves that the raw source of the paper we fetched is byte-for-byte identical to the bytes that were signed by the holder of the Ed25519 private key published under the signer's did:web document at the time of your visit. It does not, by itself, prove who that signer is in the real world, nor that the key hasn't been compromised.

Because this page runs on the same origin that publishes the paper, the signature, and the DID document, a full compromise of that origin would let an attacker replace all three and still pass this check. The real weight of the signature comes from running the same verification against an independently trusted copy of the public key — for example, a key you pinned the first time you read a Nullproof paper, or one vouched for by a third party you already trust.

The verification logic is small on purpose and can be read end to end. It uses @noble/ed25519 for the signature primitive and @scure/base for the multibase public-key decode — both auditable, dependency-free JavaScript libraries. If you want to confirm that what runs in your browser is what we say it does, read the source of this page on GitHub — every check performed here is in a single file.

How this paper is verified

What you read in your browser is an HTML page — but that page was built by Astro from a raw Markdown (MDX) file, and it's the raw bytes of that MDX file that were signed. Four artefacts are at play: the rendered page, the MDX source, the detached JWS signature, and the signer's public DID document. Each one points at the others through specific fields, and the verifier checks every one of those links. If any pointer, hash, or key disagrees, the whole chain breaks.

Cyan — the paper (its rendered HTML, its MDX source, and any field that references either).
Amber — the cryptographic material: the signature bytes themselves and the public key that verifies them.
Green — the signer's identity: the DID document and any field that points at it.

Rendered page The HTML page you read in your browser. Astro compiled it from the MDX source at build time — which is why verification happens against the MDX, not this HTML.

Title (what you saw at the top of the page)
Date (shown in the article meta)
Sourced from (the MDX file Astro compiled this page from)

MDX source The raw Markdown file with frontmatter metadata. Its bytes are what were signed — not the rendered HTML.

Title
Date
frontmatter verification: (where this paper says its signature lives)
SHA-256 of bytes (the paper's fingerprint — recomputed from the file we just fetched)

Signature (JWS) A short string that can only be produced by someone holding the signer's private key. It seals the paper.

alg (the signature algorithm used)
kid (who signed it — a pointer to their identity)
x-codex-payload-uri (which paper this signature is for)
x-codex-payload-hash (a fingerprint of the paper's exact bytes)
iat (when it was signed)
signature bytes (the actual seal — 64 bytes of Ed25519)

Signer's DID Document A public "ID card" for the signer — published at a known URL, listing the public keys they use.

id (the signer's identifier)

matched verificationMethod (the specific key we're verifying against)

id
type
publicKeyMultibase (the key that verifies the signature)

The chain, link by link

Verification trace (step-by-step)

Signature header & key details