
Package Verification

Upload an Auditara export package to independently verify its authenticity and integrity. No login required — all checks run server-side with OpenSSL and SHA-256.

RFC 3161 · Sectigo/eIDAS | SHA-256 · WORM | No data storage | OpenSSL-verified

Upload ZIP package


Auditara_Legal_*_PACKAGE.zip · max. 50 MB


Verification steps
🖥 Manual verification with OpenSSL (for experts)

For a fully independent verification without this server, you can run the following commands on your own system. Requirements: openssl and sha256sum must be installed (Linux/macOS). On Windows: use Git Bash or WSL.

What is a TSR file?
A TSR (Time Stamp Response) is a cryptographic proof per RFC 3161, issued by the Sectigo certificate authority. It irrefutably proves that the package existed at a specific point in time and has not been modified since. This method is legally recognised under the eIDAS regulation.

Install OpenSSL:
Linux/macOS: apt install openssl or brew install openssl
Windows: Git Bash or WSL

What to do if verification fails?
A failure means the package was modified or corrupted after export. Request a new package from the sender and compare the Sealed Hash. For legal purposes, contact the package issuer.

Step 1 — Verify package timestamp:
openssl ts -verify -in legal_package.tsr \
    -data legal_package.zip \
    -CAfile sectigo-tsa-full-chain.pem
Step 2 — Verify file integrity:
sha256sum -c manifest.sha256
Step 3 — Verify ticket timestamp:
openssl ts -verify -in tsa_response.tsr \
    -queryfile tsa_request.tsq \
    -CAfile sectigo-tsa-full-chain.pem
Step 4 — Verify hash chain:

Open chain_of_custody.csv in Excel or a text editor. All entries in the hash_verified column must be OK. The last row (SEALED_HASH) must match the Sealed Hash from VERIFICATION_README.txt.
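Step 4 can also be scripted so that it fails closed instead of relying on a visual check. The function below is an added example, not part of Auditara's own tooling; it assumes chain_of_custody.csv is comma-separated with a header row that names the hash_verified column, has no commas inside fields, and that you pass the Sealed Hash copied from VERIFICATION_README.txt as the second argument.

```shell
# verify_chain CSV EXPECTED_SEALED_HASH
# Returns 0 only if every data row has hash_verified == OK and the last row
# carries the label SEALED_HASH together with EXPECTED_SEALED_HASH.
# Assumed layout (not documented on the page): plain comma-separated fields,
# header in the first line, label and hash in separate fields of the last row.
verify_chain() {
    csv=$1
    expected=$2
    [ -r "$csv" ] && [ -n "$expected" ] || { echo "usage: verify_chain CSV HASH" >&2; return 2; }
    awk -F, -v expected="$expected" '
        { sub(/\r$/, ""); gsub(/"/, "") }   # tolerate CRLF line ends and quoted fields
        NR == 1 {                           # locate the column by name, not by position
            for (i = 1; i <= NF; i++) if ($i == "hash_verified") col = i
            if (!col) { print "no hash_verified column" > "/dev/stderr"; bad = 1; exit }
            next
        }
        NF == 0 { next }                    # skip blank lines
        {
            rows++
            if ($col != "OK") {
                printf "line %d: hash_verified=%s\n", NR, $col > "/dev/stderr"
                bad = 1
            }
            last = $0                       # remember the final data row
        }
        END {
            if (bad || rows == 0) exit 1    # an empty chain is a failure, not a pass
            n = split(last, f, ",")
            for (i = 1; i <= n; i++) {
                if (f[i] == "SEALED_HASH") label = 1
                if (tolower(f[i]) == tolower(expected)) found = 1
            }
            if (!label || !found) { print "sealed hash mismatch" > "/dev/stderr"; exit 1 }
        }
    ' "$csv"
}
```

Call it as `verify_chain chain_of_custody.csv <Sealed Hash>` after steps 1 to 3 have passed; any non-zero exit status means the chain must not be trusted.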

CA certificate if not included in the package:
curl -O https://crt.sectigo.com/SectigoPublicTimeStampingRootR46.pem