BostraionZENITH · Trust Operating System · Console
Observer viewOperator login →
Step 6 · DID:web explorer · Public verifier
Verify ZENITH signed artefacts offline
Every ZENITH-issued artefact (bankability credential, investment recommendation, token issuance, disbursement decision, reserve attestation) carries an Ed25519 signature under did:web:zenith-os.bostraion.com. This page shows the resolved DID document, a copy-pasteable offline-verify recipe, and the artefact → signer-key mapping. No ZENITH API trust required.
Active key
DID document
DID id
did:web:zenith-os.bostraion.comVerification method
did:web:zenith-os.bostraion.com#platform-rootKey type
Ed25519VerificationKey2020
Public key (multibase)
z6MktLMym7Uc…ja7LAo7kqGD4Controller
did:web:zenith-os.bostraion.comAssertion method
did:web:zenith-os.bostraion.com#platform-rootRaw did.json
{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/ed25519-2020/v1"
],
"id": "did:web:zenith-os.bostraion.com",
"alsoKnownAs": [
"did:web:zenith-os.kattash.com"
],
"verificationMethod": [
{
"id": "did:web:zenith-os.bostraion.com#platform-root",
"type": "Ed25519VerificationKey2020",
"controller": "did:web:zenith-os.bostraion.com",
"publicKeyMultibase": "z6MktLMym7Uc5NMJrv1zAjT12wh8oXRrdirSja7LAo7kqGD4"
}
],
"assertionMethod": [
"did:web:zenith-os.bostraion.com#platform-root"
],
"service": [
{
"id": "did:web:zenith-os.bostraion.com#bankability-vc",
"type": "VerifiableCredentialService",
"serviceEndpoint": "https://zenith-os.bostraion.com/api/v1/bankability"
},
{
"id": "did:web:zenith-os.bostraion.com#donor-trace-vc",
"type": "VerifiableCredentialService",
"serviceEndpoint": "https://zenith-os.bostraion.com/api/v1/institutional-partners/donors"
}
]
}
Resolve directly: zenith-os.bostraion.com/.well-known/did.json
Offline verification recipe
The canonicalization scheme is RFC 8785 (JSON Canonicalization Scheme) — keys sorted ascending, no whitespace, UTF-8. Digest is SHA-256 over the canonicalized bundle WITHOUT the signature field. Signature algorithm is Ed25519 (noble/nacl).
Node.js
// Node.js — verify a ZENITH signed artefact offline
import { ed25519 } from '@noble/curves/ed25519';
import { sha256 } from '@noble/hashes/sha256';
import canonicalize from 'canonicalize'; // RFC 8785 JSON canonicalization scheme
// 1. Fetch + parse did.json (once, cached)
const did = await (
await fetch('https://zenith-os.bostraion.com/.well-known/did.json')
).json();
const publicKeyMultibase = did.verificationMethod[0].publicKeyMultibase;
const publicKey = decodeMultibase(publicKeyMultibase); // strip 'z' + base58btc decode + multicodec prefix
// 2. Canonicalise the bundle (byte-for-byte stable)
const canonical = canonicalize(bundleWithoutSignature); // RFC 8785
const digest = sha256(new TextEncoder().encode(canonical));
// 3. Verify the signature
const ok = ed25519.verify(
Buffer.from(signatureHex, 'hex'),
digest,
publicKey,
);
console.log(ok ? 'VALID' : 'INVALID');Python
# Python — verify a ZENITH signed artefact offline
import json, base58, requests, hashlib
from nacl.signing import VerifyKey
# 1. Fetch did.json
did = requests.get(
'https://zenith-os.bostraion.com/.well-known/did.json'
).json()
multibase = did['verificationMethod'][0]['publicKeyMultibase']
# strip 'z' prefix, base58btc decode, skip 2-byte multicodec header
raw = base58.b58decode(multibase[1:])[2:]
vk = VerifyKey(raw)
# 2. Canonicalise (sorted keys, no whitespace) — matches sha256CanonicalJsonHex
canonical = json.dumps(bundle_without_signature, sort_keys=True, separators=(',', ':'))
digest = hashlib.sha256(canonical.encode()).hexdigest()
# 3. Verify
try:
vk.verify(bytes.fromhex(digest), bytes.fromhex(signature_hex))
print('VALID')
except Exception:
print('INVALID')Artefact → signer key map
Every signed artefact type ZENITH emits uses the platform-root key referenced above. A reviewer can verify any of these against the same public key — no per-artefact key resolution required.
| Artefact | Signer key id | Context |
|---|---|---|
| Bankability W3C VC | did:web:zenith-os.bostraion.com#platform-root | Issued by BankabilityService; signature reuses the certificate row ed25519Signature. |
| Investment Router recommendation | did:web:zenith-os.bostraion.com#platform-root | Ed25519-signed canonical bundle; v2 envelope carries policyVersion + registryFingerprint. |
| Token issuance envelope | did:web:zenith-os.bostraion.com#platform-root | TokenizationService.issueToken emits signed white-paper hash. |
| Disbursement routing decision | did:web:zenith-os.bostraion.com#platform-root | DisbursementOrchestrator envelope — signed rail decision before settlement. |
| ProjectIdentity bridge proof | did:web:zenith-os.bostraion.com#platform-root | I8 invariant — nightly verified by ProjectIdentityVerifyService. |
| Reserve attestation | did:web:zenith-os.bostraion.com#platform-root | TokenReserve.attestationSignature — Chainlink PoR or manual-signed fallback. |