Trua.Form I-9 Verifier Public verification — no account needed

What this page does

Verify a Form I-9 inspection package

Employers using Trua's Form I-9 platform can generate a cryptographically signed inspection package — a single file that contains the I-9 records an inspector requested, plus a digital signature that proves the records haven't been altered since the employer assembled the package.

Paste the three pieces the employer sent you and click Verify. The check happens in under a second and does not require an account. Trua does not log the package contents.

Package fields

The full manifest text. Begin with { and end with }.
Hex-encoded DER signature over the manifest's SHA-256 hash.
The bureau-published DID URL fragment identifying the key.

How the check works

  1. Trua looks up the public key by the signing key ID against the bureau's published JWKS.
  2. Trua computes the SHA-256 hash of the manifest JSON exactly as you pasted it.
  3. Trua verifies the hex signature against the computed hash using ES256 (NIST P-256 + SHA-256).
  4. If the signature is valid, the manifest hasn't been altered since the employer signed it. If it isn't, something has changed — typically whitespace mangling during copy/paste, or genuine tampering.