Signing Key Infrastructure

All certificates are signed using Ed25519 (RFC 8032). Ed25519 was chosen for:

• Small key and signature sizes (32-byte public key, 64-byte signature)
• Fast deterministic signing and verification
• Resistance to side-channel attacks
• Wide support across cryptography libraries (OpenSSL, libsodium, Go crypto, Python cryptography)

The signature input is the RFC 8785 (JSON Canonicalization Scheme) serialization of the certificate payload — all fields except signature.

Active signing keys are published at a well-known URL that is publicly accessible without authentication:

GET /.well-known/signing-keys.json

# Response
{
  "keys": [
    {
      "key_id": "uuid",
      "algorithm": "Ed25519",
      "public_key": "base64-encoded-public-key",
      "created_at": "2026-01-01T00:00:00Z",
      "status": "active"
    }
  ]
}

Verification tools should fetch the key by key_id referenced in the certificate. Caching is acceptable; keys do not rotate frequently.

Signing keys are rotated periodically or immediately upon suspected compromise. Key rotation does not invalidate existing certificates — retired keys remain in the public endpoint so that previously issued certificates can continue to be verified.

In the event of an emergency key rotation, CertifiedData will:

• Immediately mark the compromised key as revoked
• Publish the new key at /.well-known/signing-keys.json
• Re-issue affected certificates under the new key
• Publish an incident notice at /status

Private signing keys are stored encrypted at rest and are never exposed via any API endpoint. Access is restricted to the certification service process only. Audit logs record every signing operation.

Key material and access controls are described in the Certificate Policy.

The full history of active, retired, and revoked keys is visible at the Transparency Infrastructure page. This enables third-party auditors to verify that no unauthorized keys were used to sign certificates.