Active signing keys
Cryptographic infrastructure activated 2026-05-04. Last revision: 2026-05-07.
| System | Fingerprint | Algorithm | Active from | Public key |
|---|---|---|---|---|
| AI Governor | 3ca34ae9eaf15da3 | Ed25519 (EdDSA) | 2026-05-04 | PEM |
| Discovery Engine | 358e1ba89076b7e5 | Ed25519 (EdDSA) | 2026-05-04 | PEM |
AI Governor public key
fp 3ca34ae9eaf15da3-----BEGIN PUBLIC KEY----- MCowBQYDK2VwAyEAcVzL25q+4XksI+Mtrv1LyImWmWyccAsyJ16IbyPaPzw= -----END PUBLIC KEY-----
Discovery Engine public key
fp 358e1ba89076b7e5-----BEGIN PUBLIC KEY----- MCowBQYDK2VwAyEAI+tZ/Ol8tnPlx9oavOuphl8aFgD5pVpo1LkWkZ7ZkaQ= -----END PUBLIC KEY-----
How to verify a finding
Any party can verify a signed finding without authentication. Three ways, in increasing order of independence:
1. Discovery Engine finding (by fingerprint_id)
curl https://api.rocsitediscovery.com/api/discovery/verify/<fingerprint_id>
Returns JSON with verification: "ok" on success, plus the public-key fingerprint, the signature, and the canonical evidence_hash.
2. AI Governor evaluation (by case_id) — deploying soon
curl https://api.rocsitediscovery.com/api/governor/verify/<case_id>
A hosted convenience lookup returning JSON with verification: "ok", the verdict, canonical failure mode, and signing-key fingerprint. This endpoint is in active deployment as part of our audit-record integrity work and is not yet live. Until it ships, an AI Governor evaluation is verified the same way as any signed finding — the signed bundle returned at evaluation time is checked offline against the published public key using method 3 below.
3. Manual verification with openssl + Python (institutional auditors)
curl https://rocsitediscovery.com/keys/discovery_engine_pubkey.pem -o pub.pem openssl dgst -sha256 pub.pem | head -c 16 # expect: 358e1ba89076b7e5 — must match the kid on any signed Discovery report
Python verification example (using cryptography):
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
from cryptography.hazmat.primitives import serialization
import base64, json, requests
# 1. Pull the finding's canonical record + signature
fp_id = "RSD-260505-24LYDG"
r = requests.get(f"https://api.rocsitediscovery.com/api/discovery/verify/{fp_id}")
record = r.json()
# 2. Fetch the public key
pem = requests.get(record["public_key_pem_url"]).content
pub = serialization.load_pem_public_key(pem)
# 3. Verify the signature
sig = base64.b64decode(record["signature_b64"])
canonical = json.dumps(record["canonical"], separators=(",",":"), sort_keys=True).encode()
pub.verify(sig, canonical)
print("verified:", record["fingerprint_id"])
Key rotation policy
Both signing keys are permanent. Rotation is performed only on documented compromise. We do not rotate on a schedule, on personnel change, on hardware refresh, or on routine software update — calendar-based rotation breaks the trust chain that institutional buyers anchor verification to.
Documented compromise means: private-key file accessed by an unauthorized party, key extracted from memory by side-channel attack, the key used to sign findings outside normal system parameters, or loss of all encrypted backup copies. Anything else is not a rotation event.
Retired keys
| System | Fingerprint | Active range | Reason for retirement |
|---|---|---|---|
| AI Evaluator (predecessor of AI Governor) | 32ee6e0e4434b55c | 2026-05-01 → 2026-05-04 | Cryptographic infrastructure consolidation. Not a security incident. All historical findings re-signed with the v1 AI Governor key on 2026-05-04. |
Threat model
| Threat | Mitigation |
|---|---|
| Private-key exfiltration from disk | Strict file mode 600 on a LUKS-encrypted volume. Three independent encrypted backups (age-encrypted, passphrase known only to operator). |
| Memory extraction of the in-process key | Service runs as a non-root user. No remote shell access into the signing process. Periodic process monitoring. |
| Tampering with a signed finding in the database | Signature is computed over canonical JSON of the finding (excluding the signature field itself). Any tampering invalidates the signature; external verifiers detect this immediately. |
| Substitution of the published public key | The published key URL is served from the same domain as the verification page; key fingerprints are documented on this page and in the methodology page. External auditors should pin the fingerprint. |
| Loss of all signing-key copies | Three encrypted backups in three independent locations (encrypted local volume, encrypted backup drive, offsite encrypted storage). Recovery requires only the operator's passphrase. |
Pre-infrastructure findings
The Discovery Engine signing infrastructure was activated on 2026-05-04. The 2,862 findings dated before that date are flagged signature_status = pre_signing_infrastructure. They are identified by content hash (evidence_hash) but not cryptographically attested. Backfilled signatures would misrepresent when attestation began, so we deliberately do not retroactively sign them. Any finding dated after 2026-05-04 is signed.
AI Governor evaluations from before 2026-05-04 were re-signed with the v1 key (this was a key rotation, not infrastructure activation — the prior 32ee… key was already in use).
Security contact
For security concerns, vulnerability reports, or questions about the cryptographic infrastructure: [email protected]