DSSE envelope debugger

Decode a DSSE envelope — payload, signatures, the exact PAE bytes that get signed — and optionally verify it against a public key.

Requests are processed in memory on our server by the open-source PHP packages this site documents — nothing is stored, and request bodies are never logged.

Public key (optional — enables signature verification)

What this shows

DSSE (Dead Simple Signing Envelope) is the signature wrapper used by in-toto attestations, SLSA provenance and Sigstore. The signature never covers the raw payload: it covers PAEDSSEv1 <len> <payloadType> <len> <payload> — which binds the payload type and kills confusion attacks. The tool prints the exact PAE preimage so you can see what your verifier must feed the crypto.

A failed check is a result, not an error: the envelope decodes fine, the signature just doesn't match your key. The computed key ID (RFC-style SHA-256 over the SPKI, or the JWK thumbprint) is compared with the envelope's keyid hints.

Do it in PHP

use K2gl\Dsse\Envelope;
use K2gl\Dsse\PublicKey;

// Throws SignatureVerificationFailed unless a signature checks out;
// returns the authenticated payload.
$payload = Envelope::fromJson($envelopeJson)
    ->verify(PublicKey::fromPem($publicKeyPem));

Powered by k2gl/dsse — the same code that just processed your envelope. See also k2gl/in-toto-attestation for typed statements.