Upload
Submission is consent-gated. Paste the token from the consent step; this page verifies the signature offline against the embedded public key. There is no upload endpoint here — the verifier launch is the controlled, manual handoff. Nothing you paste leaves your device.
Why verify in your browser
- The check is a pure Ed25519 verification — no server is asked whether you're allowed.
- The same math anyone can run confirms the statement was signed by the token's key.
- If verification fails, the token was altered, truncated, or signed by a different key.