Skip to content
ModelMirror

Verify every byte

A model file is only as good as its hash. Here is how to prove yours is byte-for-byte identical to what was published — no trust in us, no trust in the mirror, just math.

How verification works

  1. 1

    Download the signed manifest

    Every model version ships with a manifest.json (the list of every file and its hash) and manifest.json.sig (the Ed25519 signature). Both are linked on every model's download page.

  2. 2

    Verify the signature

    The manifest is signed with an Ed25519 key. Check the signature against our pinned public key (shown below and on our public key page). If the signature does not match, stop — something tampered with the manifest itself.

  3. 3

    Hash your downloaded files

    Run BLAKE3 or SHA-256 on each file you downloaded. Compare the output to the hashes listed in the manifest. Every single one must match.

  4. 4

    Compare the whole-model hash

    The manifest also carries a single BLAKE3 hash over the entire model. This is the "badge" hash shown on the model page. Match it, and you have the complete, untouched model.

One command with omm

The official CLI verifies everything in one pass — manifest signature, per-file hashes, and the whole-model hash.

# Install the CLI
curl -fsSL https://openmodelmirror.org/install.sh | sh

# Download + verify in one step
omm download meta-llama-3.1-70b --verify

# Or verify files you already have
omm verify --all --model-dir ./llama-3.1-70b/

Manual verification (no CLI)

# 1. Verify the manifest signature (Ed25519)
omm verify --manifest manifest.json

# 2. Hash each file (BLAKE3)
b3sum model-00001-of-00035.safetensors
# → af1349b9…  (compare to manifest)

# 3. Or SHA-256
sha256sum model-00001-of-00035.safetensors
# → e3b0c442…  (compare to manifest)

# 4. Whole-model BLAKE3 (the badge hash)
b3sum *.safetensors | b3sum
# → b94d27b9…  (compare to the badge on the model page)

When every hash matches: ✓ byte-for-byte identical to what was published.

Verify in your browser

Paste a hash and compare it to the signed manifest. This runs entirely in your browser — nothing leaves your machine.

Our public key

Every manifest is signed with this Ed25519 key. Pin it. If a manifest's signature doesn't verify against this key, reject it. 

Ed25519 public key (hex):
7F83A2C9 4B5E6D1F 8A2C3B4E 5D6F7A8B 9C0D1E2F 3A4B5C6D 7E8F9A0B

Fingerprint: 7F83…9A0B

The same key is published on Nostr, embedded in the CLI, and anchored to IPFS. Cross-check before trusting.

What verification proves — and what it doesn't

✓ What you get

  • Every byte matches the signed manifest
  • No one tampered with the files after publish
  • The model you have is the model that was released

✕ What it doesn't tell you

  • Whether the model is safe to run
  • Whether the license is respected
  • Whether the model is high quality

We preserve and verify. Judgment about use is yours.