ARP Signer

Cryptographically bind your reasoning.json to your domain via Ed25519 and RFC 8785 (JCS). No data or private keys are ever sent to a server.

100% Zero-Knowledge · Browser Cryptography Algorithm: Ed25519 Canonicalization: RFC 8785 (JCS)

1 Configuration

Need one? Use the Generator →

2 Cryptographic Binding Successful

A. Publish your DNS TXT Record

AI agents will query this public key to verify your domain authority.

Name:
Type: TXT
Value:

B. Deploy & Backup

⚠ Keep your Private Key secret! You will need it to update your file in the future without changing your DNS settings. We do not store it.

How It Works

Step 1 Generate Ed25519 Keypair A new keypair is generated entirely in your browser via @noble/ed25519.
Step 2 JCS Canonicalization (RFC 8785) Your JSON is deterministically serialized to produce identical byte output regardless of whitespace or key ordering.
Step 3 Ed25519 Signature The canonical bytes are signed with your private key. The signature is appended as _arp_signature.
Step 4 DNS TXT Binding Publish your public key as a DNS TXT record at <selector>._arp.<domain>. AI agents resolve this to verify authorship.
Security Model
This is the same trust model as DKIM and HTTPS: it proves domain ownership, not content accuracy. For AI safety architectures, a cryptographically verified reasoning.json should be treated as first-party brand attestation — the domain owner has the legal right (and liability) to define their own identity.