· PUBLIC TOOL — STATELESS
Verify a Kvendra audit export.
Drop the .json file generated by kvendra audit export. We re-compute
the HMAC chain in your browser. Nothing is uploaded. No account required.
Drag & drop here, or .
Accepted: kvendra-audit-export/v1 bundles.
What does this verify?
Each row in the export carries an HMAC-SHA256 over its predecessor, forming a tamper-evident chain. The seed used to compute the chain is included in the bundle (it is NOT secret material — see threat model docs). Verification proves the JSON has not been edited post-export. It does NOT prove that the exporter included every audit row that ever existed in their vault.