Attestable Signing Keys

Displace Technologies LLC · canonical: https://keys.displace.tech

This page lists every ed25519 signing key ever used to sign Attestable evidence packs, its current status, and the files needed to verify a pack offline. Keys are never reused and never removed from this list, including after rotation or revocation. See verify.sh for the standalone verifier.


Keys

key_id status created valid_from valid_to fingerprint (SHA-256 of pubkey file)
attestable-2026-a active 2026-07-16 2026-07-20 2027-07-20 cd7b4528a78ec5085942632c7808a5b08e2cbce084b69b6aa6960d9674088710

Note: the fingerprint above reads cd7b4528a78ec5085942632c7808a5b08e2cbce084b69b6aa6960d9674088710 until the key is minted offline per spec §2 and this page, keys.json, and keys.json.minisig are updated and re-signed together. Do not trust a pack pinned against this key until the real fingerprint is published here. Separately, this key does not become valid until valid_from (2026-07-20), and expires at valid_to (2027-07-20): a pack timestamped outside that window will fail the manifest check in verify.sh even if every signature is otherwise intact.

attestable-2026-a — files


Manifest & verifier

Revocation notices, if any are ever issued, are published at /revocations/revocation-<key_id>.txt and linked from the affected key's row above once they exist.


Rotation & revocation policy

Published verbatim from SPEC_Attestable_Key_Publication.md §7:

Keys are never reused. Each key is valid for one year from its valid_from date and is rotated on schedule at expiry; rotation also occurs early on suspected compromise, custody change, or major infrastructure change. On rotation, the outgoing key is marked retired with its validity window; signatures made within that window remain valid indefinitely. On compromise, the key is marked revoked in keys.json with a dated, reasoned revocation notice signed by the successor key; packs signed under a revoked key are re-issued under the successor on request at no charge. All keys ever published remain listed and their pubkey files remain available permanently.


Mirror & existence proofs

This site is deployed directly from the public mirror repository DisplaceTech/attestable-keys — the site and the mirror are the same source and cannot diverge. Git history on that repository, GitHub's independent hosting, and the OpenTimestamps proofs above jointly establish that each key existed, unchanged, since the date shown — without requiring trust in Displace's server.