How to Verify a Digital Evidence Certificate Online (Free, No Install)

Introduction

A digital evidence certificate is only useful if someone else can check it. The whole point is that the person relying on the file is rarely the person who made the certificate — it might be a judge, an auditor, a regulator or opposing counsel. So the question that matters is simple: can a third party verify a digital evidence certificate online, quickly, without installing anything? With e-Dex, the answer is yes. Every certificate it produces carries a SHA-256 integrity seal and a signed QR token, and there is a free online certificate verifier at /verify-certificate.html that checks both — entirely in the browser, with nothing uploaded. This guide walks through exactly how it works.

Two Ways to Verify Online

An e-Dex certificate can be checked two independent ways, and they answer slightly different questions. The first is the integrity seal: a SHA-256 hash computed over the certificate's content and stored in a small .json companion file. Re-computing that hash tells you whether the certificate is unaltered — a clean SEAL INTACT or a clear BROKEN. The second is the signed QR token: a compact token embedded in the certificate's QR code, carrying an Ed25519 digital signature. Verifying that signature tells you the certificate was issued by a specific signing key, and surfaces the certificate's facts plus a key fingerprint. The seal proves the document hasn't changed; the token proves who signed it.

Step by Step: Verify the Integrity Seal

Open the verifier at /verify-certificate.html in any modern browser. Drag the certificate's .json companion file onto the drop area (or click to choose it). The page reads the file locally, recomputes the SHA-256 seal over the certificate content using the browser's built-in Web Crypto API, and compares it to the value recorded in the certificate. If they match, you see SEAL INTACT — the certificate is exactly as it was issued. If even one byte has changed, you see BROKEN, telling you the document has been edited or corrupted and should not be trusted. There is no account, no upload, and no waiting on a server.

Step by Step: Verify the QR Token

The fastest route is the QR code printed on the certificate. Point a phone camera at it: the QR encodes the verify-page URL with the signed token already attached, so opening it loads the verifier and validates automatically. You will see SIGNATURE VALID together with the certificate's facts — the certificate number, the integrity hash, the issuer — and a key fingerprint that identifies the signing key. If you are working from a scanned copy or a PDF and cannot scan, you can simply paste the token text into the verifier and it checks the Ed25519 signature the same way. Either path confirms the certificate was signed by the expected key and has not been tampered with since.

What It Proves — and What It Doesn't

Be precise about the claim. A passing check proves two things: that the certificate is unaltered (the seal), and which signing key produced it (the signature and key fingerprint). It does not prove that the certificate exists in some central registry, because e-Dex certificates are generated offline on the issuer's own machine — there is no central database to look them up in. Instead, trust comes from cryptography: the PAdES signature and the key fingerprint establish who signed the certificate, and the seal establishes that nobody changed it afterwards. That is a strong, self-contained integrity story, but it is general information about how the tooling works, not legal advice about how any particular court will weigh the evidence.

Privacy: Everything Stays in Your Browser

Verification is 100% client-side. The .json companion you drop and the token you paste are processed locally — the SHA-256 seal is recomputed with Web Crypto and the Ed25519 signature is checked with a small bundled library, all inside the page. The certificate is never uploaded to any server, and nothing about the underlying matter leaves your device. That matters when the evidence concerns a confidential dispute, a sealed proceeding or a regulated dataset: you can hand a recipient a link to the verifier without exposing the contents to anyone.

Frequently Asked Questions

Do I need to install anything to verify a digital evidence certificate online?
No. The verifier at /verify-certificate.html runs entirely in your web browser. Anyone — a judge, an auditor, opposing counsel — can open the page on any modern device and check a certificate without installing software. e-Dex itself is only needed to generate a certificate, not to verify one.

Is my certificate uploaded to a server when I verify it?
No. Verification is 100% client-side. The .json companion you drop and the QR token you paste are processed locally in the browser using Web Crypto and a bundled Ed25519 library. Nothing about the certificate leaves your device, which is important when the underlying matter is confidential.

What is the difference between the integrity seal and the QR token?
The integrity seal is a SHA-256 hash that proves the certificate's content is unaltered: the verifier recomputes it from the .json companion and reports SEAL INTACT or BROKEN. The QR token carries an Ed25519 digital signature that proves which signing key produced the certificate: the verifier reports SIGNATURE VALID along with the certificate facts and a key fingerprint.

What does the online verifier prove, and what does it not prove?
It proves that the certificate is unaltered (the seal) and which signing key issued it (the signature and key fingerprint). It does not check the certificate against any central registry, because e-Dex certificates are generated offline. The PAdES signature and key fingerprint establish authorship; they do not, on their own, decide how a court will treat the evidence.

How do I verify a certificate by scanning its QR code with a phone?
Point your phone camera at the QR code printed on the certificate. The QR encodes the verify-page URL with the signed token attached, so opening it loads /verify-certificate.html and validates automatically, showing SIGNATURE VALID, the certificate number, the integrity hash, the issuer and the key fingerprint. If you cannot scan, you can paste the token text into the verifier instead.

Conclusion

Verifying a digital evidence certificate online should be the easy part, and with e-Dex it is: drop the .json companion to confirm SEAL INTACT, or scan the QR to confirm SIGNATURE VALID — free, instant, and entirely in your browser. If you also want to read about doing the same checks without any web connection, see how to verify a digital evidence certificate offline, and for what these certificates contain, see the evidence integrity certificate explained. To generate your own signed, time-stamped certificates, download e-Dex — the free Digital Evidence Integrity Suite.