Open Verification Network

Every signature strengthens the network

A public, cryptographic trust layer for software. Search identities, verify artifacts, prove provenance — no account required, no vendor lock-in, no cost.

Coming SoonInstall the CLI

How the network works

Sign

Create your identity

One command generates your KERI key pair and stores it in your platform keychain.

$ auths id create

Publish

Sign and publish

Sign any artifact and publish the attestation to the public registry.

$ auths artifact sign release.tar.gz

Verify

Anyone can verify

Verify offline with a 200KB WASM module. No API keys, no accounts.

$ auths artifact verify release.tar.gz

Public by default

Every attestation is publicly auditable. No hidden state, no trusted intermediaries. The registry is a Git-native transparency layer — verifiable by anyone.

Self-certifying identity

Your identity is a KERI key event log — not a certificate from an authority. You control your keys. Rotation, delegation, and revocation without asking permission.

Verify anywhere

200KB WASM module runs in browsers, edge functions, CI pipelines, and air-gapped environments. No network calls. No API keys. No accounts.

What five services can do, zero infrastructure does better

Centralized Gatekeepers
IdentityCA-issued certificates (Fulcio)
Key StorageHSM / Vault / managed service
TransparencyProprietary logs (Rekor)
RevocationOCSP / CRL infrastructure
VerificationOnline API call required
Open Network
IdentitySelf-certifying KERI
Key StorageYour platform keychain
TransparencyPublic Git registry
RevocationInstant key event log
VerificationOffline WASM (200KB)

vs Sigstore

Sigstore requires Fulcio for certificates and Rekor for transparency. Auths is self-certifying with offline verification.

vs GPG

GPG keys are static, hard to rotate, and lack delegation. Auths uses KERI with pre-rotation and hierarchical delegation.

vs GitHub

GitHub's "Verified" badge is platform-locked. Auths identity works across any Git forge and verifies offline.

vs Traditional PKI

Traditional PKI needs certificate authorities and revocation infrastructure. Auths stores everything in Git.

One identity, every ecosystem

PackagesnpmnpmPyPIPyPIRustCargoDockerDockerGoGoApache MavenMavenNuGetNuGet
ForgesGitHubGitLabBitbucketRadicleGitea

Your Auths identity travels with you. Sign on GitHub, verify on GitLab. Publish to npm, verify in a Docker pipeline. No re-registration, no platform lock-in.

How it fits together

DeveloperSigns artifacts
Public RegistryAttestation transparency
Search
Publish
Verify
CI/CDAutomated verification
AnyoneBrowser · CLI · CI · Air-gapped

Join the network

Three commands. No signup. Your first signature in under a minute.

terminal

~ $ brew install auths

~ $ auths init

~ $ auths artifact sign your-release.tar.gz

Coming SoonRead the Docs