Capabilities
Cryptographic Attestation
Ed25519 digital signatures and hash-chain verification for tamper-proof compliance certificates.
The Verity subsystem issues compliance certificates that are cryptographically signed using Ed25519 key pairs bound to issuer identities. Each certificate includes a content hash, signature, issuer key fingerprint, and chain reference to the previous attestation. Verification is stateless — any party with the issuer's public key can validate a certificate's authenticity and integrity without contacting Caelex. Certificates reference specific compliance states at specific points in time, creating an auditable history of compliance claims.
Key Capabilities
Ed25519 Digital Signatures
Each compliance certificate is signed with the issuer's Ed25519 private key, producing a compact 64-byte signature that is computationally infeasible to forge.
Issuer Key Management
Issuer keys are generated per-organization, stored encrypted at rest, and support rotation with automatic re-signing of active certificates during key transitions.
Stateless Verification
Third parties verify certificate authenticity using only the public key and certificate data — no API call to Caelex required, enabling offline and air-gapped verification.