Verification steps
- Load ToneThread Root public key…
- Verify Tenant Site Certificate signature…
- Verify Post Certificate signature…
- Recompute ToneHash of post content…
- Compare recomputed hash to certificate…
Revision history
Originally published 2026-05-08, updated 2026-05-18; 3 revisions (this active certificate plus 2 prior).
| Issued | Superseded | Content hash |
|---|---|---|
| 2026-05-08T16:21:20.873Z | 2026-05-08 16:29:24 | tth_v1_c6bfe7b6397aa052 |
| 2026-05-08T16:29:24.524Z | 2026-05-18 11:31:26 | tth_v1_1b9b8b31e843f346 |
| 2026-05-18T11:31:26.620Z | — active — | tth_v1_0558611a169786f2 |
What this page exposes
Verification runs on the server. The browser only sees the public summary in the sidebar and the step-by-step ok/fail result above — never the certificate's raw signature, the tenant's raw public key, the ToneHash salt, the per-axis tonal scores, or the compact fingerprint string. Those stay on the signing host.
The public JSON at
/tonehash/cert/i-watched-a-man-decode-reality-while-his-kid-played-in-rockpools mirrors the
same surface. To independently audit a certificate's raw
signed payload you must request an authenticated cert-bundle
export from the operator —
how to request access.