AlphaAssay $ test my signal

Verify a certificate offline

Every AlphaAssay verdict can be verified without contacting AlphaAssay — that is the point of signing them. All you need is the public key below and any standard crypto tool.

1 — Save the public key

# Key-ID: key_9961d9e3190d69a6
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEA3pvfyosExDvDYzg8R1YMBu//7RvUWvuK/uanMlIJMQg=
-----END PUBLIC KEY-----

2 — Split the document

The delivered file contains the inner certificate object (canonical JSON, exactly as delivered — do not reformat it) and the signature_b64 value.

3 — Check

terminal
$ base64 -d <<< "$SIGNATURE_B64" > sig.bin
$ openssl pkeyutl -verify -pubin -inkey alphaassay.pub \
    -rawin -in certificate.json -sigfile sig.bin
Signature Verified Successfully

The same check in Python

python · cryptography
from cryptography.hazmat.primitives import serialization
from cryptography.exceptions import InvalidSignature
import base64

pub = serialization.load_pem_public_key(open("alphaassay.pub", "rb").read())
doc = open("certificate.json", "rb").read()   # exact bytes as delivered!
sig = base64.b64decode(signature_b64)

try:
    pub.verify(sig, doc)
    print("genuine ✓")
except InvalidSignature:
    print("altered or not ours ✕")

…and in Node

node ≥ 18
import { createPublicKey, verify } from "node:crypto";
import { readFileSync } from "node:fs";

const pub = createPublicKey(readFileSync("alphaassay.pub"));
const doc = readFileSync("certificate.json");        // exact bytes!
const sig = Buffer.from(signatureB64, "base64");

console.log(verify(null, doc, pub, sig) ? "genuine ✓" : "altered ✕");

Any modification — a flipped digit, prettified whitespace — makes the check fail. The convenient version lives at /verify; the paranoid version is this page, and we mean that as a compliment.