Demo
Non-normative examples. The demo illustrates draft v0.1 behavior; it is not production UX guidance. Normative label requirements are defined in UI Labels.
Labels below use the exact catalogue strings; {…} values are supplied by the verifier.
A. Signed asset from an issuer trusted for the scope
Applicable labels include:
- ✓ Signature valid: signed by
- ✓ Exact asset matches signed fingerprint
- ✓ Attestation not revoked
- ✓ Source trusted for {scope} under selected bundle
B. Misleading content signed by its issuer
The asset matches the fingerprint signed by an issuer outside the selected trust bundle. A valid signature does not establish that the claim is true.
- ✓ Signature valid: signed by
- ✓ Exact asset matches signed fingerprint
- ⚠ Issuer outside selected trust bundle
- ⚠ Claim is made by issuer, not proven as true
- ⚠ Earlier matching source found from
The chronology label applies only when the verifier has corresponding earlier-source evidence.
C. Ownership change
For an older attestation issued during a trusted period:
- ⓘ Published during previously trusted period
- ⚠ Source currently marked {current status} by selected trust bundle
For a later attestation within a high_caution period:
- ⚠ Source marked high caution by selected trust bundle
- ⚠ Claim is made by issuer, not proven as true
Scope determines whether a trust period applies.
D. Asset changed after signing
When the local bytes differ from the signed fingerprint:
- ✕ Asset hash does not match signed fingerprint
Signature validity is reported separately.
E. Attestation metadata removed
Removing an embedded reference, sidecar, or discovery link does not create a negative verification label. A byte-identical file can still be associated with an attestation already held by the verifier or found through an opt-in hash lookup.
An absent embedded reference or a successful hash lookup is a discovery event, not a normative verification label. After discovery, the verifier reports the applicable catalogue labels.
CLI flow
The reference CLI supports this sequence:
osap keygen
osap hash ./photo.jpg
osap sign ./photo.jpg --claim published_by
osap verify ./photo.jpg
osap trust check ./photo.jpg --bundle ./trust-bundle.jsonRepository material:
The verifier presents signature validity, issuer identity, exact-byte integrity, chronology, revocation, and trust-bundle interpretation as separate results.