Verify SkyQon evidence

Drop in a SkyQon evidence bundle (.zip) or a signed report (.pdf) and prove it is intact — file integrity, evidence content hash and issuer signature — right here in your browser. No signup. Nothing is uploaded to storage or kept.

Drop an evidence bundle or signed PDF here
or
🔒 Verification runs against the file you upload only — no database lookup, no tenant data, nothing stored.
Don’t have one yet? Download a sample evidence bundle and verify it.

What the three checks prove

  1. File integrity — every file in the bundle is re-hashed and matched against the manifest, so nothing was swapped or truncated.
  2. Evidence content hash (the important one) — the evidence payload is re-hashed with the exact canonical rule SkyQon used and matched to the recorded SHA-256. A match proves the numbers are byte-for-byte what SkyQon observed and recorded.
  3. Issuer signature — the embedded PAdES signature on the report shows who attested to it. Production deployments sign with an EJBCA-issued certificate; evaluation builds use a self-signed certificate (shown as such, honestly).

SkyQon evidence is a technical record, not a certification or legal advice. See the scoring methodology and the auditor verification guide for how to use it in a NIS2 / DORA file.