Local Pack

Verifying a Local Pack signature

Signed Local Packs include a detached JWS signature over the Origin Manifest. This page explains what that signature proves, what it does not prove, and how to verify it locally.

Never upload a completed Local Pack to verify it. Verification is done locally using the script described below.

What the signed Origin Manifest proves

When you generate a signed Local Pack, Security Binder produces a signed Origin Manifest (manifest/security-binder-origin-manifest.json) and a detached ES256 JWS signature file (manifest/security-binder-origin-manifest.jws).

The signature proves two things:

  • Package provenance: Security Binder generated this pack. More precisely, the manifest was signed by a holder of the private key identified by the kid in the JWS header, and that key is listed in Security Binder's public key registry.
  • File integrity at generation time: Each file listed in manifest.files was present in the pack and matched its SHA-256 hash when the pack was generated. If any file has been added, removed, or altered since generation, verification will fail.

What the signature does not prove

The Origin Manifest signature is a statement about the package, not about your organization or its security posture. It does not prove:

  • Implementation: The signature does not indicate that any security control described in the documents has been implemented or is effective at your organization.
  • Completion: The pack contains draft templates and framework scaffolding. Completing them locally is the responsibility of your team.
  • Compliance: A verified Local Pack is not a compliance certification, attestation, or assessment result. Security Binder does not guarantee that using these documents satisfies any regulatory requirement or framework standard.
  • Insurance eligibility: Possession of a signed Local Pack is not an underwriting criterion and does not constitute a representation to any insurer.

Public key registry

Security Binder publishes its active signing public keys at the well-known path /.well-known/security-binder-keys.json on its site.

The registry is a JSON object with a keys array. Each entry includes a kid, a public_jwk, and a status field (active, revoked, or compromised). Only keys with status active are accepted; revoked and compromised keys are rejected during verification, so a pack signed with a key that has since been revoked will no longer verify.

The JWS protected header in each pack carries the kid of the key used to sign that specific pack. The verifier script uses it to select the matching registry entry, so you do not need to know which key was current at generation time. The kid is only a lookup hint: trust comes from the registry entry's status and from the signature check itself, never from anything the header claims.

How to verify locally

The verifier script is included in the Security Binder open-source repository at scripts/verify-local-pack.mjs. It runs entirely offline and requires no network connection once you have the pack and the key registry JSON.

Important: Never upload a completed Local Pack to verify it. A completed pack may contain sensitive materials (evidence screenshots, vendor details, system inventories, insurance documents, backup records, incident notes) that must remain in your own approved environment.

Steps

  1. Download the key registry. Fetch the public key registry from /.well-known/security-binder-keys.json on the Security Binder site over HTTPS and save it locally (for example, as keys.json). This is the only step that requires a network connection. Take the registry only from that origin: a copy bundled inside a pack, or handed to you alongside one, is not a trust anchor, because whoever produced the pack could have produced the registry too. Re-download it before each verification, since a saved copy will not reflect keys revoked or marked compromised after it was fetched.
  2. Run the verifier. From the root of the Security Binder repository:
    node scripts/verify-local-pack.mjs <path/to/pack.zip> --keys <path/to/keys.json>
  3. Review the output. The script prints PASS and exits with code 0 on success, or FAIL: <reason> and exits with a non-zero code on any failure. Failures include: unknown or revoked key, signature mismatch, hash mismatch on any listed file, or unexpected files in the ZIP not covered by the manifest.

What the script verifies

  • The JWS signature over the canonicalized (RFC 8785) manifest JSON using the ES256 public key identified by kid
  • The kid is present in the registry with a non-revoked status
  • Every file listed in manifest.files exists in the ZIP and matches its SHA-256 hash
  • No files are present in the ZIP that are not covered by the manifest (unexpected-file rule)
  • Required manifest fields are present: schema, pack_profile, generator.app_sha, generator.template_release