Athena Systems North Star Verify

Trusted-key registry.

The Ed25519 public keys this verifier trusts. A Decision Record is only verified if its public_key_id matches an entry below AND the bundle's public_key_hex matches the registered bytes.

Why this matters

A signature alone doesn't prove authenticity — it proves consistency with some key. The verifier only treats a signature as authoritative if the key used to verify it is on a registry the verifier controls. This page is that registry, mirrored in human-readable form. The same bytes are hardcoded into the verifier source (verify.js) and into the athena-verify CLI binary.

If you're a skeptical auditor: fetch the live machine-readable version of this registry from https://appraisal.athenanorthstar.com/v1/audit/public-keys and confirm the bytes match the registry hardcoded in the verifier source you ran. The two should agree; if they don't, something's wrong.

Registered keys

public_key_id: dev-key
alg: Ed25519
public_key_hex: 70e091cb0f0865641e4960adb73557c0ac89316f19e0247b39d882c98a7ed034
status: active — pre-GA signing key for the design-partner phase

This entry is hardcoded into the verifier source. Records carrying public_key_id: "dev-key" are verified against the bytes above. Records carrying any other id will fail with "untrusted signing key" on this verifier build.

Cross-check against the live machine-readable version: /v1/audit/public-keys. The two should agree.

Rotation policy

When a key is rotated, the new public_key_id is added to the registry without removing the old one. Records signed before the rotation remain verifiable with the old key (the registry only grows; entries are never removed for non-compromise reasons).

Compromise policy

If a signing key is ever compromised, the affected entry is REMOVED from this registry and a rotation notice is published below with the compromise date. Records signed with the removed key will fail with "untrusted signing key" — which is the correct behavior, because a leaked seed means anyone could have forged signatures with it.

For programmatic access

$ curl https://appraisal.athenanorthstar.com/v1/audit/public-keys
{
  "keys": [
    {
      "public_key_id": "<id>",
      "public_key_hex": "<32-byte lowercase hex>",
      "alg": "Ed25519"
    }
  ]
}
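
The acceptance rule stated at the top of this page and the auditor cross-check, written out as an added JavaScript example; this is not Athena's verify.js. The function names, the "key bytes mismatch" label and the sample responses are assumptions made for illustration.

```javascript
// Added example; not Athena's verify.js. Function names are hypothetical.
const HEX32 = /^[0-9a-f]{64}$/; // 32 bytes, lowercase hex, as in the API sample

// Pinned registry: the single entry listed under "Registered keys" on this page.
const PINNED = new Map([
  ["dev-key", { alg: "Ed25519",
    public_key_hex: "70e091cb0f0865641e4960adb73557c0ac89316f19e0247b39d882c98a7ed034" }],
]);

// Gate applied before any signature check: id must be pinned AND bytes must match.
// A Map lookup avoids treating ids such as "__proto__" as present.
function checkSigningKey(bundle, pinned = PINNED) {
  const entry = pinned.get(bundle.public_key_id);
  if (!entry) return { trusted: false, reason: "untrusted signing key" };
  // "key bytes mismatch" is an assumed label; the page gives no message for this case.
  if (!HEX32.test(String(bundle.public_key_hex)) || bundle.public_key_hex !== entry.public_key_hex)
    return { trusted: false, reason: "key bytes mismatch" };
  return { trusted: true, reason: null };
}

// Auditor cross-check: compare a parsed /v1/audit/public-keys body with the pinned set.
function diffRegistry(live, pinned = PINNED) {
  const findings = [];
  const seen = new Set();
  for (const k of Array.isArray(live.keys) ? live.keys : []) {
    seen.add(k.public_key_id);
    const entry = pinned.get(k.public_key_id);
    if (!entry) findings.push(`live-only: ${k.public_key_id}`);
    else if (k.alg !== entry.alg || k.public_key_hex !== entry.public_key_hex)
      findings.push(`mismatch: ${k.public_key_id}`);
  }
  for (const id of pinned.keys()) if (!seen.has(id)) findings.push(`pinned-only: ${id}`);
  return findings; // an empty array means the two registries agree
}

// Constructed sample responses (not fetched from the live endpoint).
const liveOk = JSON.parse(`{"keys":[{"public_key_id":"dev-key","public_key_hex":
  "70e091cb0f0865641e4960adb73557c0ac89316f19e0247b39d882c98a7ed034","alg":"Ed25519"}]}`);
const liveBad = { keys: [{ public_key_id: "other-key", public_key_hex: "00".repeat(32), alg: "Ed25519" }] };

console.log(diffRegistry(liveOk), diffRegistry(liveBad));
```

A pinned-only finding is the one to look at first: the build you ran trusts a key the live registry no longer lists, which under the compromise policy above is what a removed key looks like.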