EnfinitOS signs every proof pack with an Ed25519 private key. The public half is published and stable within a rotation window. This page is the canonical key-publication reference. Other documentation pages that link to /compliance/verification-keys should be directed here.

Where to fetch the keys

Sandbox (live now):
https://sandbox.api.enfinitos.com/api/sandbox/runtime-keys
Production (available at the April 2027 launch):
https://api.enfinitos.com/v1/runtime-keys

The sandbox endpoint returns a JSON directory in the ws30.v1 contract shape. Each key entry has a keyId matching the verificationKeyId in proof-pack headers. The keys are also pinned in each release of the open-source auditor, in packages/sdks/auditor-ts/src/keys.ts. The auditor prefers the pinned key set when offline and falls back to the published endpoint only when the pack’s verificationKeyId is not in the pinned set.

Rotation schedule

We rotate keys on a 90-day overlap window. The schedule for a new key generation:
  1. T₀ — new key generated. Public half published.
  2. T₀ + 14 days — platform starts dual-signing (old key + new key) on a subset of packs for forward-compat verification.
  3. T₀ + 30 days — platform cuts over to the new key as the primary. Old key continues to sign for backward-compat verification.
  4. T₀ + 90 days — old key revoked. The key entry in the runtime-keys directory gains a non-null revokedAt. Packs older than 90 days remain verifiable against the historical key — the entry is retained in the directory indefinitely for backward-compat verification; it is never reissued under.

Emergency rotation

If a key is suspected compromised, we rotate immediately and publish a CVE with the affected key id. The current revocation list is published in the same runtime-keys response: revoked keys carry a non-null revokedAt timestamp. The auditor refuses to verify any pack that was signed under a revoked key and issued after that key's revokedAt.
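
The key-selection order from "Where to fetch the keys" and the revocation rule above, as an added TypeScript example that is not the auditor's own code. Only keyId, revokedAt and verificationKeyId come from this page; issuedAt, selectKey, fetchPublished and the Decision shape are assumptions made for illustration.

```typescript
// Added example, not the auditor's own code. Only keyId, revokedAt and
// verificationKeyId come from the page; every other name is an assumption.
interface KeyEntry {
  keyId: string;
  revokedAt: string | null; // ISO-8601 timestamp, null while the key is active
}
interface PackHeader {
  verificationKeyId: string;
  issuedAt: string; // assumed header field: when the pack was issued
}
interface Decision {
  ok: boolean;
  source: "pinned" | "published" | null;
  reason: string;
}

// fetchPublished is a hypothetical callback standing in for a GET of the
// runtime-keys directory; it is invoked only when the pinned set lacks the key.
function selectKey(
  header: PackHeader,
  pinned: KeyEntry[],
  fetchPublished: () => KeyEntry[],
): Decision {
  const byId = (k: KeyEntry) => k.keyId === header.verificationKeyId;
  let source: "pinned" | "published" = "pinned";
  let key = pinned.find(byId);
  if (!key) {
    source = "published";
    key = fetchPublished().find(byId);
  }
  if (!key) return { ok: false, source: null, reason: "unknown key id" };

  const issued = Date.parse(header.issuedAt);
  if (Number.isNaN(issued)) {
    return { ok: false, source, reason: "unparseable issuedAt" }; // fail closed
  }
  if (key.revokedAt !== null) {
    const revoked = Date.parse(key.revokedAt);
    // Fail closed on a malformed revokedAt; refuse packs issued after revocation.
    if (Number.isNaN(revoked) || issued > revoked) {
      return { ok: false, source, reason: "pack issued after key revocation" };
    }
  }
  // A pass here only selects the key; the Ed25519 signature check comes next.
  return { ok: true, source, reason: "key accepted" };
}
```

In this example a pinned entry always wins over the published directory, so the revokedAt it sees for a pinned key is whatever the pinned set carries.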

Where to report a suspected compromise

Email security@enfinitos.com immediately. See the auditor SECURITY.md for the full security disclosure policy.