Verify a Touchstone disclosure

A disclosure is verifiable without trusting Touchstone. The authoritative way is the standalone verifier — it has no Touchstone or network dependency, just PHP with ext-sodium:

# fetch a disclosure bundle and verify it offline
curl -s https://touchstone.cv/d/<token> | php verifier/verify.php

It checks, for every entry:

• Integrity — the entry_hash recomputes (nothing was edited).
• Attribution — the Ed25519 signature matches the subject's registered key.
• Ordering — chain linkage + Merkle inclusion under an externally-anchored checkpoint.

It does not prove completeness — omission is possible below the evidence/inline tiers. The verifier prints the trust tier so you know which guarantee you're getting.

Have a bundle to check?

Paste a disclosure JSON below. (In-browser JS verifier coming; for now this is a convenience that re-runs the same checks server-side — for true independence, use the standalone verifier above.)