Verify report
authenticity.
Every VCAT report contains a cryptographic hash of its contents. Upload the JSON export file to confirm the report has not been altered since it was generated.
Drop the JSON export file here
or click to browse
Choose fileAccepts .json.gz or .json files exported by the VCAT app
Legacy format
This file uses the older .json.lzfse format. Re-export the report from VCAT v1.2+ to get a .json.gz file that this page can verify directly.
Could not read file
Report Verified
This report has not been modified since it was generated by VCAT.
Verification Failed
The report data does not match its hash. The file may have been altered.
Tamper-evident by design.
Report generated on device
When VCAT generates a report, it serializes all analysis data — scores, images, metadata, and audit trail — into a canonical JSON structure.
SHA-256 hash computed
A SHA-256 cryptographic hash is computed over that exact JSON — keys sorted alphabetically, no extra whitespace. The hash is embedded in both the PDF and the JSON export file.
Verified independently
This page recomputes the hash from the uploaded file and compares it to the stored value. Any change to the data — scores, timestamps, images — produces a different hash and fails verification. No server required; everything runs in your browser.