ELAI Signet · Tier 1 · Web signer

Sign with your face.
Prove with math.

Three layers of evidence — Ed25519 cryptographic signature, hardware-attested biometric event, and platform-authenticator chain — embedded in one verifiable .signet sidecar artifact. Everything runs in your browser. Your key never leaves this device.

Ed25519 · RFC 8032 WebAuthn · FIDO2 SHA-256 · FIPS 180-4 Canonical JSON Local-first

Step 1 Signing identity

Step 2 Sign a file

Drop any file — image, video, document, code, archive. Up to 200 MB. The file stays in your browser; only its SHA-256 hash is included in the signed artifact.

Drop a file here, or click to choose
Any file type · up to 200 MB · stays in your browser

What just happened

Your browser computed a SHA-256 hash of your file. It built a canonical-JSON payload (@type: ELAI/SignetAttestation/v1) containing that hash, your authorship claim, and a timestamp. The payload was signed twice — once by your in-browser Ed25519 key, once by a WebAuthn assertion (which proves a biometric was present at the moment of signing). The output .signet file contains both signatures and your public key. Anyone with the file and the .signet sidecar can verify all three layers using only open standards — no software from idregulators.com required.

What's NOT in the .signet file

Your original file is not embedded. The .signet sidecar references the file only by its SHA-256 hash. Verifiers compute the same hash and compare. This makes the sidecar small (a few KB) regardless of file size, and lets you sign a file that contains sensitive content without exposing the content in the attestation.

Key custody (Tier 1)

This is the web Tier of Signet. Your Ed25519 private key is generated and stored in this browser's IndexedDB. It is software-bound — anyone with access to this browser profile and your biometric can produce signatures with this key. The WebAuthn layer adds hardware-rooted attestation that a real biometric event occurred. Tier 2 (mobile, coming) moves the Ed25519 key itself into the Apple Secure Enclave / Android StrongBox for non-extractable hardware custody.