DSSE envelope debugger
Decode a DSSE envelope — payload, signatures, the exact PAE bytes that get signed — and optionally verify it against a public key.
Requests are processed in memory on our server by the open-source PHP packages this site documents — nothing is stored, and request bodies are never logged.
Result
What this shows
DSSE (Dead Simple Signing Envelope) is the signature wrapper used by in-toto attestations,
SLSA provenance and Sigstore. The signature never covers the raw payload: it covers
PAE — DSSEv1 <len> <payloadType> <len> <payload> —
which binds the payload type and kills confusion attacks. The tool prints the exact PAE
preimage so you can see what your verifier must feed the crypto.
A failed check is a result, not an error: the envelope decodes fine, the signature
just doesn't match your key. The computed key ID (RFC-style SHA-256 over the SPKI, or the
JWK thumbprint) is compared with the envelope's keyid hints.
Do it in PHP
use K2gl\Dsse\Envelope;
use K2gl\Dsse\PublicKey;
// Throws SignatureVerificationFailed unless a signature checks out;
// returns the authenticated payload.
$payload = Envelope::fromJson($envelopeJson)
->verify(PublicKey::fromPem($publicKeyPem)); Powered by k2gl/dsse — the same code that just processed your envelope. See also k2gl/in-toto-attestation for typed statements.