Step 1 Signing identity
Step 2 Sign a file
Drop any file — image, video, document, code, archive. Up to 200 MB. The file stays in your browser; only its SHA-256 hash is included in the signed artifact.
What just happened
Your browser computed a SHA-256 hash of your file. It built a canonical-JSON payload (@type: ELAI/SignetAttestation/v1) containing that hash, your authorship claim, and a timestamp. The payload was signed twice — once by your in-browser Ed25519 key, once by a WebAuthn assertion (which proves a biometric was present at the moment of signing). The output .signet file contains both signatures and your public key. Anyone with the file and the .signet sidecar can verify all three layers using only open standards — no software from idregulators.com required.
What's NOT in the .signet file
Your original file is not embedded. The .signet sidecar references the file only by its SHA-256 hash. Verifiers compute the same hash and compare. This makes the sidecar small (a few KB) regardless of file size, and lets you sign a file that contains sensitive content without exposing the content in the attestation.
Key custody (Tier 1)
This is the web Tier of Signet. Your Ed25519 private key is generated and stored in this browser's IndexedDB. It is software-bound — anyone with access to this browser profile and your biometric can produce signatures with this key. The WebAuthn layer adds hardware-rooted attestation that a real biometric event occurred. Tier 2 (mobile, coming) moves the Ed25519 key itself into the Apple Secure Enclave / Android StrongBox for non-extractable hardware custody.