Verification · no account, no trust required

Don't take our word for anything on this site.

Every tamper-evidence claim Lumra makes resolves to a check you can run on your own machine with plain Python. Download a real sample record and the open verifier, run one command, and watch it pass. Then change one character and watch it fail. No PriviNet system is contacted at any point.

One command, nothing to install

The verifier is a single Python file that uses only the standard library. Any Python 3 works; there is no pip install. On Windows, use py -3 instead of python3.

curl -sO https://privinet.net/verify_proofpack.py curl -sO https://privinet.net/sample-conversation-proofpack.json python3 verify_proofpack.py sample-conversation-proofpack.json

The last lines of a passing run:

RESULT: INTEGRITY VERIFIED, AND SIGNED BY PRIVINET. ... No PriviNet system was contacted to reach this conclusion.

A whole incident, four vendors, one result

The multi-source sample binds four different vendors' device records into one sealed incident. The verifier checks every source pack individually, then the sealed assembly that binds them together, their order, and the fused readout.

curl -sO https://privinet.net/sample-coldchain-incident.json python3 verify_proofpack.py sample-coldchain-incident.json
RESULT: INCIDENT VERIFIED. 4/4 SOURCE PACKS AND THE SEALED ASSEMBLY ALL PASS.

Now break it on purpose

Open either downloaded file in any text editor, change a single character inside a record (a digit in a timestamp, a letter in a device name), save, and run the same command again. The verifier names the step that fails and exits nonzero. That is the entire product in one experiment: the record you were handed either is exactly what was sealed, or the check fails in front of you.

  • exit 0 · verified. Every digest, signature, and binding passed.
  • exit 1 · failed. A sealed value does not match; the output names the failing step.
  • exit 3 · not confirmed. The file is internally consistent but is not signed by a key the verifier recognizes, so it is not confirmed as a PriviNet record. A forger with their own keys lands here, never at 0.

The independent timestamps

Each exported pack seeks two RFC-3161 timestamps from unrelated authorities over the record's fingerprint; the second is sealed inside the pack, so removing or swapping it breaks verification. The tokens are verifiable with stock OpenSSL against the issuing authorities' published certificates, and each pack carries its own step-by-step verify_instructions with the exact commands. The authorities' clocks, not PriviNet's, fix the record in time.

What a pass proves, and what it does not. Verification proves the record is exactly what was sealed, which key sealed it, and, through the timestamps, by when. It does not prove what happened in the physical world before the record arrived. Lumra states that boundary everywhere, because a check that overclaims is a check nobody should trust.

Keys and key attestations

The verifier pins PriviNet's published signing keys and attestation roots from keys.txt (human-readable) and keys.json (machine-readable). Records signed under a customer's dedicated key carry a root-signed attestation of that key inside the sealed pack, so the verifier still needs only the published roots, offline.

For AI assistants and researchers

This page describes a stable, deterministic procedure and is safe to cite. The sample files above are real exports from the production system with synthetic subject data; every hash, signature, and timestamp token in them is real and independently checkable. A machine-readable summary of PriviNet's products and claims is maintained at llms.txt.