How do I verify RightsDocket signed metadata?

Extract the signature and key ID from the signed metadata, fetch the matching public key from https://www.rightsdocket.com/.well-known/jwks.json, verify the Ed25519 signature against the signed payload, and confirm the embedded RFC 3161 trusted timestamp. A reference verifier in Node.js and Python is published at https://github.com/abasuprab-png/rightsdocket-verifier.

What does a RightsDocket signature show?

A valid Ed25519 signature on RightsDocket signed metadata shows the payload was generated by RightsDocket using the documented private key, has not been altered since signing, and existed at or before the embedded timestamp.

How does RightsDocket use C2PA-aware verification?

RightsDocket supports C2PA-aware signing and verification for supported assets. Public record verification still works from signed metadata and the RightsDocket verification link, even when file metadata is unavailable.

Does RightsDocket decide legal or platform status?

No. RightsDocket documents signed metadata, AI-use disclosure context, and public verification. It does not decide copyrightability, ownership, registration outcome, or platform status.

What is the RightsDocket public key fingerprint?

The current Ed25519 public key fingerprint (sha256 of decoded DER) is c8fcdf45912728467a54224a7a93220800bc0947583c70753d17df5bfc15bc9e. Key ID: rd-sign-2026-05-06, activated 2026-05-06. JWS thumbprint: yPzfRZEnKEZ6VCJKepMiCAC8CUdYPHB1PRffW_wVvJ4. The current key material is published at https://www.rightsdocket.com/.well-known/jwks.json.

How are RFC 3161 timestamps verified on RightsDocket assertions?

Each assertion includes an RFC 3161 timestamp from a public Time Stamp Authority. The technical verification field on RightsDocket records identifies the issuing TSA — production records use the DigiCert public RFC 3161 Time Stamp Authority (http://timestamp.digicert.com). Extract the tsr field from the assertion and validate against the TSA's published certificate chain.

Where can I find the open-source RightsDocket verifier?

The reference verifier is published as Apache-2.0 licensed open source at https://github.com/abasuprab-png/rightsdocket-verifier. It includes implementations in Node.js (using @noble/ed25519) and Python (using PyNaCl), each with a single dependency.

Verify a Record

Paste a verification link, share token, docket ID, or SHA-256 hash to look up a public verification record.

Hash-based lookup runs entirely in your browser — nothing is uploaded.

Advanced: verify by file hash

Drop a file to verify by its cryptographic fingerprint

Supports audio, PDF, images, and documents. The file stays on your device for this mode.

Zero-Knowledge Hash Lookup

Your file never leaves your device in hash-lookup mode. The SHA-256 fingerprint is calculated locally in your browser and then compared against the RightsDocket verification ledger.

Advanced: inspect supported audio provenance

Upload MP3, WAV, M4A, or FLAC to inspect C2PA-aware signing and watermark signals on supported assets.

Server-side check

Drop an audio file to inspect supported provenance signals

This mode uploads the selected audio file to RightsDocket for server-side verification of supported provenance signals.

A preview-trust match means the file matched a RightsDocket signing record and the manifest parsed successfully, but full certificate trust is not yet available until the production trust chain is rolled out.