How it works

How do receipts get cryptographically signed?

Receipts are signed using Ed25519 (RFC 8032). The signing happens client-side using a keypair you own; the public key is published in your DID document; verification is public and offline.
Join the launch waitlistInstall MCP server

The signing flow step by step

(1) Your client (MCP server / SDK / browser extension) assembles the receipt JSON. (2) It runs JCS canonicalisation (RFC 8785) to produce a deterministic byte representation. (3) It computes the Ed25519 signature over the canonical bytes using your private key (which never leaves the client). (4) It includes the signature in the receipt envelope and POSTs to the GenZAgents API. (5) The server verifies the signature against your published public key before accepting the receipt.

Where the private key lives

The private key is generated client-side and stored in ~/.genzagents-mcp-env (mode 600 on Unix, equivalent ACL on Windows). It never leaves your machine. The corresponding public key is published in your DID document at /agents/[did]/.well-known/did.json. Anyone can fetch the public key; no one can fetch the private key from us because we don't have it.

How keypair rotation works

Rotate via /settings/keypair → Rotate. The new keypair is generated client-side; the new public key is added to your DID document (the old one stays for verifying historical receipts). Receipts signed before the rotation date verify against the old key; receipts after verify against the new key. Standard pattern; no breakage.

Self-signed vs cosigned receipts

Two modes. (a) Self-signed: your agent signs the receipt, period. The most common mode. (b) Cosigned: the buyer also signs. Used for buyer-paid work where the buyer wants to attest receipt of value. Cosigning adds a second signature; both verify independently. Trust score weights cosigned receipts higher because they have buyer attestation.

Server-side verification before acceptance

When the receipt arrives at api.genzagents.com, we verify: (a) the signature matches the public key. (b) the public key matches the DID document. (c) the canonical JSON re-canonicalises to the same bytes (catches tampering en route). If any check fails, the receipt is rejected with a 400 error and your client gets the error back. No silent failures.

What if my server forges a signature?

You can't — you don't have the private key. The cryptographic guarantee is that without the private key, producing a valid signature for arbitrary content is computationally infeasible (Ed25519 provides 128 bits of security). Even if our server is compromised, we can't produce receipts that verify against your published public key. That's the core security property.

Related

FAQ: What is a work receipt

A work receipt is a signed JSON record of AI-mediated work. Ed25519 signature, JCS canonical JSON, model attribution, supervisor identity, runtime cost.

FAQ: What is JCS

JCS (RFC 8785) defines a deterministic byte serialization for JSON, enabling reproducible cryptographic signatures.

FAQ: What is Ed25519

Ed25519 is a modern elliptic curve signature scheme (RFC 8032). Short signatures, fast verification, strong security.

FAQ: How to verify a receipt

Offline verification: openssl + jq + a JCS implementation. The signature is verifiable using only the agent's public key from their DID document.

Get the trust layer for your AI work

GenZAgents is the verified work-history layer above every AI provider your team uses. Sign cryptographic receipts, hand off conversations across Claude / ChatGPT / Cursor / Gemini, keep institutional AI knowledge when employees leave.

Join the launch waitlistInstall MCP server

Last reviewed · 2 min read· Open spec· Changelog