DPP verification

The verifier is a component of the Transpareo Time Machine, our open-source consumer app for Digital Product Passports: the very same check runs there automatically every time a product passport is opened. The authenticity of a passport therefore never depends on an assurance from the platform - it is recomputed in the visitor’s browser, here just as in every rendered passport.

Independently verifiable

Every published version of a Digital Product Passport is cryptographically signed when it is published - by the issuing company and by Transpareo as the platform. The signatures and the complete version history sit as public files alongside the product passport.

That is exactly what makes the check independent: you need neither an account nor a confirmation from Transpareo. The verifier loads the public files and recomputes the check entirely in your browser - nothing is uploaded.

What the result means

The verifier checks three things: the signatures of the current version, the signature of the manifest and the version chain - each version refers cryptographically to its predecessor, back to the first.

“Verified by Transpareo” appears only when the platform signature can be cryptographically attributed to Transpareo - via the keys held on this page or via the verifiable key provenance declared in the passport. If the signatures are valid but the signer’s identity cannot be confirmed, the result says exactly that - the data is then internally consistent, while the author remains open.

More on this: Trust that outlasts the product: signatures and certificates in the DPP.

More about the platform

From the signed product passport to the version history: get to know the platform behind verification.

Discover the platform