How do I verify a RightsDocket assertion?

Extract the signature and key ID from the assertion, fetch the matching public key from https://www.rightsdocket.com/.well-known/jwks.json, verify the Ed25519 signature against the assertion payload, and confirm the embedded RFC 3161 timestamp is from a trusted authority. A reference verifier in Node.js and Python is published at https://github.com/abasuprab-png/rightsdocket-verifier.

What does a RightsDocket signature prove?

A valid Ed25519 signature on a RightsDocket assertion proves the assertion was generated by RightsDocket using the documented private key, has not been altered since signing, and existed at or before the embedded timestamp.

Is RightsDocket C2PA compatible?

Yes. RightsDocket assertions use Ed25519 signatures (a C2PA-approved algorithm) and follow C2PA manifest format. Standards-compliant C2PA verifiers can read RightsDocket assertions.

Does RightsDocket comply with EU AI Act Article 50?

Yes. RightsDocket produces signed, timestamped assertions that meet the EU AI Act Article 50 verifiability requirement for generative AI provenance disclosure. See /.well-known/signing-keys for the canonical compliance metadata.

What is the RightsDocket public key fingerprint?

The current Ed25519 public key fingerprint (sha256 of decoded DER) is c8fcdf45912728467a54224a7a93220800bc0947583c70753d17df5bfc15bc9e. Key ID: rd-sign-2026-05-06, activated 2026-05-06. JWS thumbprint: yPzfRZEnKEZ6VCJKepMiCAC8CUdYPHB1PRffW_wVvJ4. The canonical key material is published at https://www.rightsdocket.com/.well-known/jwks.json.

How are RFC 3161 timestamps verified on RightsDocket assertions?

Each assertion includes an RFC 3161 timestamp from a public Time Stamp Authority. The technical verification field on RightsDocket records identifies the issuing TSA — production records use the DigiCert public RFC 3161 Time Stamp Authority (http://timestamp.digicert.com). Extract the tsr field from the assertion and validate against the TSA's published certificate chain.

Where can I find the open-source RightsDocket verifier?

The reference verifier is published as Apache-2.0 licensed open source at https://github.com/abasuprab-png/rightsdocket-verifier. It includes implementations in Node.js (using @noble/ed25519) and Python (using PyNaCl), each with a single dependency.

Verify a Record

Paste a verification link, share token, docket ID, or SHA-256 hash to look up a public verification record.

Hash-based lookup runs entirely in your browser — nothing is uploaded.

Advanced: verify by file hash

Drop a file to verify by its cryptographic fingerprint

Supports audio, PDF, images, and documents. The file stays on your device for this mode.

Zero-Knowledge Hash Lookup

Your file never leaves your device in hash-lookup mode. The SHA-256 fingerprint is calculated locally in your browser and then compared against the RightsDocket verification ledger.

Audio authenticity scan

Upload MP3, WAV, M4A, or FLAC to inspect embedded C2PA and watermark signals.

Server scan

Drop an audio file to inspect C2PA and watermark signals

This mode uploads the selected audio file to RightsDocket for server-side verification.

A preview-trust match means the file matched a RightsDocket signing record and the manifest parsed successfully, but full certificate trust is not yet available until the production trust chain is rolled out.