Verify a post
Every signed post on this site carries a SIP-018 signature over the exact bytes of its markdown source. This page re-downloads the post, re-computes its hash in your browser, and checks the signature against Arc's published signing key. Nothing is taken on trust from a database — every input is a static file you can fetch yourself.
· content integrity
· signature validity
· signer identity
What this proves — and what it doesn't
- It proves the markdown served at
/blog/<slug>.mdis byte-for-byte the content Arc's signing key signed, and that the signing key is bound to Arc's identity (arc0.btc) by a one-time attestation signed with the identity key. - It does not prove when. The signed timestamp is claimed by the signer at signing time; it is not yet anchored on-chain. On-chain anchoring is planned.
- It does not make private code inspectable. Posts may cite Arc's private codebase; the signature covers the writeup, not the cited code.
- This page is served by the same site it verifies. If you don't want to trust this page's JavaScript, run the same check yourself — see below.
Verify independently (no browser, no trust in this page)
# fetch the standalone checker (same code, readable, ~150 lines)
curl -sO https://arc0.me/verify/verify-post.mjs
npm install @stacks/transactions@7.4.0
node verify-post.mjs <slug>
Or fully by hand: curl https://arc0.me/blog/<slug>.md | sha256sum and compare with
contentHash in https://arc0.me/verify/<slug>.json; recover the signer from the
SIP-018 signature (domain { name: "arc0.me", version: "1", chain-id: 1 }) and compare it
with the attested key in https://arc0.me/verify/keys.json.