ProofSnap — Evidence Verification Guide
========================================================================
Evidence ID: ps_1eee2daa-cf4b-42a2-a0e2-86982d5f0897

This package is self-contained. Everything needed to verify it is inside the
ZIP. Three ways to verify:

  A) Run the bundled script (from the package root)
       macOS / Linux:  bash verification/verify.sh
       Windows:        powershell -ExecutionPolicy Bypass -File verification\verify.ps1

  B) Verify online — drag the ZIP onto https://getproofsnap.com/verify/index.html

  C) Run the four steps below by hand.

------------------------------------------------------------------------
STEP 1 — File integrity (SHA-256)
------------------------------------------------------------------------
manifest.json lists the SHA-256 hash of every other file in the package.
Recompute each hash and compare. Any mismatch, missing or extra file means
the package was altered after signing.

  macOS/Linux:  shasum -a 256 <file>
  Windows:      Get-FileHash <file> -Algorithm SHA256

------------------------------------------------------------------------
STEP 2 — Manifest signature (RSA + SHA-256)
------------------------------------------------------------------------
manifest.sig is a detached RSA signature over manifest.json, made with the
private key whose public half is publickey.pem. Verify:

  openssl dgst -sha256 -verify publickey.pem -signature manifest.sig manifest.json

"Verified OK" proves manifest.json was signed with the private key matching
publickey.pem and has not changed since, so (via Step 1) every file it lists
is authentic and untampered.

------------------------------------------------------------------------
STEP 3 — eIDAS RFC 3161 qualified timestamp  (if present)
------------------------------------------------------------------------
manifest.json.tsr is a qualified timestamp token bound to manifest.json,
issued by a Qualified Trust Service Provider on the EU Trusted List. It proves
manifest.json existed at the stamped time. Deep verify with the TSA root cert:

  openssl ts -verify -in manifest.json.tsr -data manifest.json -CAfile <tsa-root>.pem

The certificate chain and OCSP/CRL revocation data are in eidas_validation.json
(see its "summary" block at the top for a quick pass/fail read).

------------------------------------------------------------------------
STEP 4 — Bitcoin OpenTimestamps anchor  (if present)
------------------------------------------------------------------------
manifest.json.ots anchors manifest.json into the Bitcoin blockchain. Verify
with the OpenTimestamps client:

  ots verify manifest.json.ots -f manifest.json

------------------------------------------------------------------------
Hash chain
------------------------------------------------------------------------
forensic_log.json records the acquisition as a tamper-evident SHA-256 hash
chain. Each entry's hash = SHA-256 of its compact JSON; the running cumulative
hash = SHA-256(previous_cumulative + entry_hash), seeded with genesis_hash. The
operations are stored in chain order, so recomputing the cumulative hash over
them in order must reproduce hash_chain.final_hash, which in turn must equal
chain_of_custody.json -> forensic_log_final_chain_hash. The bundled scripts
(verify.sh / verify.ps1, step 3) recompute this chain for you;
forensic_log_summary.txt (package root) is a human-readable rendering of the
same entries.
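
The chain recomputation described above, as an added Python example (not
ProofSnap's code and not the bundled verify.sh / verify.ps1). Assumptions: the
entries sit under an "operations" key and genesis_hash under "hash_chain",
"compact JSON" means no whitespace with keys in stored order, "+" concatenates
hex strings, and the sample log is constructed.

```python
import hashlib
import json

def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def entry_hash(entry):
    # Assumption: "compact JSON" = no whitespace, keys kept in stored order.
    return sha256_hex(json.dumps(entry, separators=(",", ":"), ensure_ascii=False))

def recompute_final_hash(log):
    # Assumption: "+" means concatenating the two lowercase hex strings.
    cumulative = log["hash_chain"]["genesis_hash"]
    for entry in log["operations"]:  # stored in chain order
        cumulative = sha256_hex(cumulative + entry_hash(entry))
    return cumulative

def verify_chain(log, custody):
    """Return a list of failures; an empty list means the chain checks out."""
    failures = []
    stored = log["hash_chain"]["final_hash"]
    if recompute_final_hash(log) != stored:
        failures.append("recomputed chain != hash_chain.final_hash")
    if stored != custody["forensic_log_final_chain_hash"]:
        failures.append("final_hash != forensic_log_final_chain_hash")
    return failures

def build_sample():
    # Constructed sample data, not taken from a real ProofSnap package.
    log = {
        "hash_chain": {"genesis_hash": sha256_hex("constructed-genesis")},
        "operations": [
            {"seq": 1, "action": "capture_start", "detail": "https://example.com/"},
            {"seq": 2, "action": "screenshot_saved", "detail": "screenshot.jpeg"},
            {"seq": 3, "action": "capture_end", "detail": ""},
        ],
    }
    log["hash_chain"]["final_hash"] = recompute_final_hash(log)
    return log, {"forensic_log_final_chain_hash": log["hash_chain"]["final_hash"]}

if __name__ == "__main__":
    log, custody = build_sample()
    print("intact:   ", verify_chain(log, custody) or "OK")
    log["operations"][1]["detail"] = "other.jpeg"  # edit one entry
    print("edited:   ", verify_chain(log, custody))
    log["operations"][1]["detail"] = "screenshot.jpeg"
    log["operations"].reverse()  # same entries, different order
    print("reordered:", verify_chain(log, custody))
```

A passing chain check shows only that the log is internally consistent; what
binds forensic_log.json and chain_of_custody.json to the signer is their
SHA-256 entries in the signed manifest.json (Steps 1 and 2).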

------------------------------------------------------------------------
C2PA provenance
------------------------------------------------------------------------
screenshot.jpeg carries an embedded C2PA manifest (exported as c2pa.json).
Re-validate at https://contentcredentials.org/verify or with c2patool. Note:
a "signing certificate untrusted" result is expected until ProofSnap's C2PA
certificate is added to the CAI/Adobe trust list; it does not affect the RSA
signature, timestamps, or hash chain above.
========================================================================
