Verification

Verify a ParkProof evidence record.

Every ParkProof evidence PDF carries a cryptographic signature appendix. This page is the public, offline walkthrough for anyone — a council officer, an insurer, a court clerk, or the driver themselves — to confirm that the record hasn't been altered since the moment it was saved.

Honest framing. The signature proves integrity: the bytes inside this record are identical to the bytes signed at scan time. It does not prove the record's truthfulness (the AI could have read the sign incorrectly), nor does it determine the legal weight of the evidence. That's a separate judgement made by whoever's reviewing it.

What you're verifying

Each ParkProof session has a payload (a small text file containing the canonical session metadata plus SHA-256 hashes of the sign + car photos) and a signature (the payload signed with an AWS KMS-managed ECDSA P-256 private key that never leaves AWS). Both are printed in the signature appendix of every exported evidence PDF.

The public key needed to verify the signature is published at /parkproof-public-key.pem — open it in a browser to confirm it loads, then save it locally.

What you'll need

The evidence PDF — supplied by the person disputing or producing the record.
openssl — bundled with macOS and most Linux distros; on Windows, available via Git Bash, WSL, or the standalone OpenSSL build.
About 60 seconds.

Step-by-step

Open the evidence PDF, scroll to the "Signature appendix" page at the back. You'll see three blocks of text: payload, sig.base64, and a reference to the public key URL. Save the first two to files on your machine, then run the verification:

# 1. Save the payload block from the PDF appendix to payload.txt
#    (copy-paste exactly; preserve line endings).
# 2. Save the base64 signature block to sig.base64.
# 3. Fetch the public key.
curl -O https://www.parkproof.com.au/parkproof-public-key.pem

# 4. Decode the base64 signature to raw bytes.
base64 -d sig.base64 > sig.bin

# 5. Run the verification.
openssl dgst -sha256 -verify parkproof-public-key.pem \
  -signature sig.bin payload.txt

What the result means

Verified PASS

Verified OK — the payload in your PDF is byte-identical to what ParkProof signed at scan time. The sign rules, GPS, timestamp, address, and photo hashes have not been altered since.

Failure FAIL

Verification failure — the payload, the signature, or both have been modified since the record was saved. The PDF may have been edited, the appendix tampered with, or copy-paste introduced whitespace differences. Repeat the copy carefully before drawing conclusions.

Beyond "did the bytes change?"

A successful verification confirms integrity. It does not confirm:

That the AI read the sign correctly. The ParkProof scan is a machine read of a parking sign, and machines can be wrong. The verdict text and rules in the record are the AI's best read at scan time, not ground truth.
That the photos depict what the person says they depict. The signature proves the photos haven't been altered since saving, not that the photos themselves were honestly captured.
Any legal outcome. Whether the evidence supports an appeal, a refund, or a court case is the reviewer's call. ParkProof is a tool, not a lawyer.

Why this exists

Most parking apps that produce "evidence" produce a screenshot. Screenshots have no integrity story — they could have been edited at any point between when they were taken and when they were sent. The cryptographic signature is the difference between "here's what I saw" and "here's what I saw, and here's mathematical proof I haven't changed it since."

The public key is published so the verification is fully offline — you do not need to trust ParkProof, contact our servers, or run our app to confirm the integrity claim. The verification can be performed years from now even if ParkProof is no longer maintained, as long as openssl still exists.

Questions?

Email hello@parkproof.com.au. We answer.