Verify a KYA chain.

Paste a chain export. Verification runs entirely in your browser. No data is sent to RANKIGI or any third party.

Spec v1.0.1 · MIT License · Source: github.com/kya-standard/spec

INPUT: RAW_JSON_CHAIN

Verification requires JavaScript. The Python reference below runs identically without it, with the standard library only.

REFERENCE IMPLEMENTATION (PYTHON)

The same verification logic, in 30 lines of Python. Standard library only. No dependencies.

# SPDX-License-Identifier: MIT
# KYA chain verification reference (~30 lines).
# Standard library only.
import hashlib, json, sys

def canonical(obj):
    if isinstance(obj, dict):
        return "{" + ",".join(
            json.dumps(k) + ":" + canonical(v)
            for k, v in sorted(obj.items())
        ) + "}"
    if isinstance(obj, list):
        return "[" + ",".join(canonical(x) for x in obj) + "]"
    return json.dumps(obj, separators=(",", ":"))

def verify(chain):
    prev = None
    for i, ev in enumerate(chain):
        if ev["chain_index"] != i:
            raise SystemExit(f"chain_index gap at {i}")
        body = {k: v for k, v in ev.items() if k != "event_hash"}
        h = hashlib.sha256(canonical(body).encode()).hexdigest()
        if h != ev["event_hash"]:
            raise SystemExit(f"hash mismatch at {i}: expected {h}")
        if ev["previous_event_hash"] != prev:
            raise SystemExit(f"link break at {i}")
        prev = ev["event_hash"]
    print(f"OK: {len(chain)} events verified, head={prev}")

if __name__ == "__main__":
    verify(json.load(sys.stdin))

github.com/kya-standard/spec →

HOW VERIFICATION WORKS

01Recompute each event_hash from canonical bytes. Keys sorted. No whitespace. UTF-8.
02Walk the chain: previous_event_hash on row N must equal event_hash on row N-1.
03Walk the certificate chain: the passport signing CA must terminate in a published KYA root. Optional when X.509 fields are present.