A public attestation of the cryptographic key that signs BitSeal seal manifests. Includes generation facts, storage, access controls, and instructions for any third party to reproduce the fingerprint offline.
Every BitSeal web seal is signed with a single Ed25519 private key held by Orygn LLC. The matching public key is published below and at /.well-known/bitseal-authority-key.json. Anyone who holds the public key, a manifest, and the signature can verify a seal independently of BitSeal's hosted infrastructure using any standard Ed25519 verifier. This document records who generated the key, how it is stored, and who may access it.
This Key Ceremony document exists so that any third party relying on a BitSeal seal, whether to audit a file, defend a legal position, or evaluate the credibility of BitSeal as a provenance service, can answer three questions without trusting Orygn's marketing copy.
Where we do not have a formal attestation of a historical fact, this document says so plainly. A ceremony document that invents details is worth less than one that is honest about gaps.
The values below are derived at page request time from the private key held in Orygn's production secrets store. They will update immediately on key rotation and always match the value served at the well-known endpoint.
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAY5D+SixjiaESGxScO2LXhSIjIBdURaEwyHujBLjfWIc=
-----END PUBLIC KEY-----The current Authority key was generated under the ceremony procedure published in our Rotation Policy. The facts below are the contemporaneous record of that generation event. Any relying party can recompute the public-key fingerprint in Section 2 from the same PEM using the steps in Section 6, a mismatch between what this page claims and what the well-known endpoint serves is the strongest signal that something is wrong.
Before the date recorded above, a pre-launch Ed25519 key had existed in Vercel environment variables since early development so that the signing code path could be exercised in staging. That key was never used to sign any externally-published seal and is not honored as a historical Authority key. Rather than publish a ceremony document with gaps around its generation, we rotated to the new key recorded here under the full procedure. The pre-launch key is discarded and does not appear in Section 5.
The Authority private key is held exclusively as a Vercel project environment variable named BITSEAL_PRIVATE_KEY, scoped to the Production, Preview, and Development environments of the bit-seal project under the daniels-projects-49baa4b0 Vercel team.
Known limitation: Vercel environment variables are not HSM-backed. A ceremony migration to a hardware-backed KMS (Google Cloud KMS with a hardware-protection level) is listed as a roadmap item under our Rotation Policy and the Security threat model.
When the current Authority key is rotated, its public key is moved into the historical list so that seals signed under the retired key remain independently verifiable forever. Historical keys are never deleted.
You can reproduce the fingerprint in Section 2 offline using any tool that computes SHA-256 over the DER-encoded SubjectPublicKeyInfo of an Ed25519 public key. Two common paths are documented below. Both must produce the same 64-hex-character digest as Section 2.
curl -s https://bitseal.orygn.tech/.well-known/bitseal-authority-key.json \
| jq -r .current_key.public_key_pem \
| openssl pkey -pubin -pubout -outform der \
| openssl dgst -sha256pip install bitseal
python -m bitseal.verify --fingerprintIf the fingerprint you compute does not match Section 2, stop trusting the page you are reading and email [email protected]. Mismatch is the single strongest signal that the hosted ledger or CDN has been tampered with.
A detached Ed25519 signature over the canonical text of this document, signed by the Authority key itself, is available at /api/legal/ceremony-attestation. The endpoint returns a JSON bundle containing the canonical text that was signed, the Ed25519 signature, the public-key fingerprint, and a server-side timestamp.
Signing a document about the Authority key with the Authority key is deliberately recursive and has one narrow property: it proves that whoever held the Authority key at the moment the endpoint was called was willing to bind themselves to the text of this document at that time. It does not prove that the signer is Orygn, that binding comes from the domain, TLS certificate, and corporate records.
A future revision will add a secondary, off-key signature from a personal signing identity held by the Orygn operator so that the self-reference is broken. Until that is in place, treat the self-attestation as a consistency check, not an independent identity check.
This document is versioned. Every substantive change bumps the effective date at the top of this page. Prior versions are available on request at [email protected].