How it works

Signatures & Integrity

ETHORITY publishes signed snapshots so anyone can independently verify that observed records are authentic and unchanged — without trusting ETHORITY’s UI, operators, or opinions.

What integrity verification proves

Verification answers exactly one question:

“Do these bytes match the data that was signed by the published key?”

• If yes → the snapshot is authentic and unchanged
• If no → the data must not be trusted

Integrity does not imply quality, safety, compliance, or endorsement.

Public verification artifacts

Every snapshot publishes three immutable, public files:

/index/index.json — snapshot data
/index/index.sig — detached Ed25519 signature (base64)
/index/index.pub — public key (PEM)

These files can be mirrored, cached, archived, and verified on any machine.

Step-by-step verification (Node.js)

Requires Node.js ≥ 18. No ETHORITY software or account required.

// verify.mjs
import fs from "fs";
import crypto from "crypto";

const data = fs.readFileSync("index.json");
const sig = Buffer.from(
  fs.readFileSync("index.sig", "utf8").trim(),
  "base64"
);
const pub = fs.readFileSync("index.pub");

const ok = crypto.verify(
  null,
  data,
  { key: pub, format: "pem", type: "spki" },
  sig
);

console.log(ok ? "VERIFIED" : "INVALID");

Any modification to index.json — even a single byte — will cause verification to fail.

Tamper detection is mandatory

Integrity verification is only meaningful if tampering is detectable.

In ETHORITY, altering the snapshot content causes verification to return INVALID. Re-downloading the original snapshot restores VERIFIED.

Use case snapshot

A journalist cites a snapshot hash. An auditor verifies integrity years later. An autonomous agent refuses to ingest unsigned data. None rely on ETHORITY’s UI.

Browse observed systems

Open Registry →

Verify a specific system

Verification entry points →