How to Check a WHIG Evidence Record Is Genuine
This guide is for insurers, brokers, and loss adjusters who have been handed a WHIG Evidence Package by a claimant and want to know whether they can rely on it.
It is written on the assumption that you should not have to take anyone's word for anything, including ours. Everything below can be checked without contacting us.
What you have been given
A WHIG Evidence Package is produced by a homeowner before a loss. It contains an Evidence Record PDF listing their contents with estimated replacement values and frames drawn from a video walkthrough, a Certificate of Integrity, and a structured JSON export that includes the sealed record.
The sealed record is the part that matters to you. It contains no inventory content. It is a set of SHA-256 hashes of each stage of processing, each one signed with ECDSA on the NIST P-256 curve.
How to verify it
- Open whig.app/verify.
- Open the claimant's JSON export and copy the sealed record, or paste the whole file. The page will locate it.
- Paste it into the box and run the check.
The page fetches WHIG's published public key, verifies each signature in the record, and reports every pipeline step as valid or invalid.
Two things worth knowing about how this works:
- It runs entirely in your browser. Nothing is uploaded, to us or anyone else. You are not telling WHIG that a claim is being assessed, and you are not transmitting the claimant's data to a third party.
- You do not need an account, and you do not need to install anything.
The mechanism, briefly
Every step of WHIG's processing pipeline computes a SHA-256 hash of its output and signs that digest with a private key held in AWS Key Management Service. The key is generated inside KMS and is never exported, including to WHIG. Signing happens by API call; the private key material does not exist outside the HSM.
The corresponding public key is published at whig.app/.well-known/whig-evidence-key.pem, which is what the verification page checks against. You are welcome to fetch it and verify signatures with your own tooling, using any standard ECDSA P-256 implementation, rather than trusting our page.
Because the signatures cover hashes of the content, altering any part of the sealed data changes its hash, and the signature no longer verifies. There is no way to edit a sealed record and have it still pass.
What a successful check establishes
Be precise about this, because it matters:
- Authenticity. The record was sealed by WHIG, using a key nobody else holds.
- Integrity. The record has not been altered, by even one character, since it was sealed.
- Date. The record carries the timestamp at which it was sealed, and that timestamp is covered by the signature. It cannot be back-dated after the fact.
Taken together: if the claimant hands you a record that verifies and is dated eleven months before the fire, then a record with exactly this content existed eleven months before the fire. That is a fact you can establish yourself, without relying on the claimant.
What it does not establish
We would rather tell you this than have you discover it and stop trusting the rest.
Verification does not prove that the items listed ever existed, nor that they belonged to the claimant, nor that they were still in the property at the time of loss. It proves the record is authentic and unaltered from a given date. It is a statement about the document, not about the world.
It also does not vouch for the values. WHIG produces automated estimates of replacement cost from retail pricing data. They are estimates, not professional valuations, and the Evidence Record labels them as such throughout. High-value and specialist items are flagged for assessment by a qualified valuer, and the record distinguishes WHIG's estimate from any value stated by the owner.
What verification removes from the conversation is the question of whether the record was assembled after the loss, or edited to suit it. That is normally the hardest thing for a claimant to demonstrate and the easiest thing for an assessment to quietly discount. Everything else about the claim remains a matter for your professional judgement.
Why a self-made inventory is different
You will more often be handed a spreadsheet, a folder of photos, or now an AI-generated PDF. Those may well be accurate, and most claimants are honest.
But none of them can answer the two questions your process exists to ask: did this exist before the loss, and has it changed since. Their dates are self-reported and their contents are freely editable, so they can only ever be assertions by an interested party.
A sealed record answers both questions without asking you to extend any trust at all. That is the only thing it is for.
Questions
If something does not verify and you believe it should, or you want to verify a record against the published key using your own tooling, contact us at whig.app/contact. We will not ask for the claimant's data.
Frequently asked questions
- How do I verify a WHIG Evidence Package?
- Open whig.app/verify and paste in the sealed record from the claimant's package, which is included as JSON in the export. The check runs entirely in your browser against WHIG's published public key. It reports each signed pipeline step as valid or invalid. Nothing is uploaded and no account is required.
- What does a successful verification actually prove?
- It proves two things. First, that the record was signed by WHIG's private key, which is generated inside AWS KMS and never exported. Second, that the record has not been altered by even a single character since it was sealed. It establishes authenticity and integrity, and it establishes the sealing date.
- What does verification not prove?
- It does not prove that the items listed genuinely existed, that they belonged to the claimant, or that the estimated values are correct. WHIG's values are automated estimates, not professional valuations. Verification tells you the record is authentic and unaltered from its sealing date. It does not vouch for the accuracy of the claimant's description of their own home.
- Do I need an account or software to verify a record?
- No. Verification runs client-side in any modern browser at whig.app/verify. Nothing is uploaded to WHIG or to anyone else, so you can check a record without disclosing that you are assessing a claim, and without sending the claimant's data anywhere.
- What happens if a record has been tampered with?
- The check fails. The signatures are computed over SHA-256 hashes of the underlying data, so changing any part of the sealed content, a single item, a value, or a date, causes the hash to differ and the signature verification to return invalid for that step.
Keep reading
Home inventory·
Can ChatGPT Make a Home Inventory for Insurance?
It will produce a list. But you will work harder than you expect for a worse record, and when you are done you will be holding a document you made yourself, which is exactly what a contents claim is built to discount.
Insurance claims·
What Makes a Home Inventory Count as Evidence
Most home inventories are not evidence. They are assertions. The difference is not how detailed the list is, it is whether anyone other than you can confirm it, and that difference decides your payout.
Insurance claims·
Proving What You Owned After a Fire, Flood, or Burglary
The cruel part of a major loss is that the proof often burns or washes away with everything else. Here is how people rebuild a claim, and how to never be in that position.