Using Page Integrity

After installing the Page Integrity extension, you’ll notice the PI button in your browser toolbar. Click the button to view integrity information about the currently loaded page in the active tab of your browser.

Page Integrity
Page Integrity showing integrity information for an example page at https://www.pageintegrity.net/signedpage.html. The SHA-256 checksum hash of the page source is shown. The page is also signed with three signatures - the signer's public signing keys for these signatures are shown as well.

Upon clicking the PI button, Page Integrity displays the SHA-256 checksum hash of the page source. As an example, the image above shows the SHA-256 checksum hash of the source of the page at https://www.pageintegrity.net/signedpage.html, which is:

ba1b3ef1a5a47bd8ee2f52b7a45725c175c4ca703299bef3d468ac2721e96709

As expected, the following command-line command also produces the same SHA-256 checksum hash for source of the page at https://www.pageintegrity.net/signedpage.html:

curl https://www.pageintegrity.net/signedpage.html | sha256sum
ba1b3ef1a5a47bd8ee2f52b7a45725c175c4ca703299bef3d468ac2721e96709

In addition to displaying the SHA-256 checksum hash of the page source, if the page source is signed with one or more digital signatures, PI will verify the signatures, and show the signer's public signing keys for these signatures.

Users have the option of adding trusted SHA-256 checksum hashes and trusted public signing keys to the trust store. Click the 'trust store' link to view and manage trusted checksum hashes and keys in the trust store.

PI - Green Button For pages whose SHA-256 checksum hash is found in the trust store, or for pages with a verified digital signature made using a public signing key found in the trust store, the SP browser toolbar button will be shown with a green background.

PI - Yellow Button For pages that are digitally signed with a key that is not found in the trust store, the PI browser toolbar button will be shown with a yellow background.

PI - White Button For all other cases, the SP browser toolbar button will be shown with a white background.

Users must use their own discretion to determine which checksum hashes and/or signers to trust. In addition, for trusted signers, users must have way of authenticating the signers' public keys. This can be done through a web-of-trust model, an existing PKI infrastructure, or an out-of-band method.