After installing the Page Integrity extension, you’ll notice the PI button in your browser toolbar. Click the button to view integrity information about the currently loaded page in the active tab of your browser.
Upon clicking the PI button, Page Integrity displays the SHA-256 checksum hash of the page source. As an example, the image above shows the SHA-256 checksum hash of the source of the page at https://www.pageintegrity.net/signedpage.html, which is:
As expected, the following command-line command also produces the same SHA-256 checksum hash for source of the page at https://www.pageintegrity.net/signedpage.html:
curl https://www.pageintegrity.net/signedpage.html | sha256sum
In addition to displaying the SHA-256 checksum hash of the page source, if the page source is signed with one or more digital signatures, PI will verify the signatures, and show the signer's public signing keys for these signatures.
Users have the option of adding trusted SHA-256 checksum hashes and trusted public signing keys to the trust store. Click the 'trust store' link to view and manage trusted checksum hashes and keys in the trust store.
For pages whose SHA-256 checksum hash is found in the trust store, or for pages with a verified digital signature made using a public signing key found in the trust store, the SP browser toolbar button will be shown with a green background.
For pages that are digitally signed with a key that is not found in the trust store, the PI browser toolbar button will be shown with a yellow background.
For all other cases, the SP browser toolbar button will be shown with a white background.
Users must use their own discretion to determine which checksum hashes and/or signers to trust. In addition, for trusted signers, users must have way of authenticating the signers' public keys. This can be done through a web-of-trust model, an existing PKI infrastructure, or an out-of-band method.