{
  "title": "AgenticRail Receipt Verification Keys",
  "description": "Public keys for verifying the `signature` field of AgenticRail enforcement receipts. To verify a receipt: select the key whose `kid` equals the receipt's `key_id`, decode the receipt's `signature` using that key's `signature_encoding` (base64 for Ed25519 keys), then verify it against the signature preimage using that key's `signature_alg`. The preimage is the canonical JSON of the receipt with the `signature` field removed (alphabetically sorted keys, no whitespace) — see https://agenticrail.nz/spec/canonical.txt. Ed25519 receipts are verifiable offline by anyone, with no call back to AgenticRail. Legacy hmac-sha256 receipts are symmetric and therefore NOT third-party verifiable — verify those via the report endpoint (`verification_endpoint`).",
  "issuer": "TUARA KURI LIMITED — AgenticRail",
  "contact": "hello@agenticrail.nz",
  "canonicalization": "https://agenticrail.nz/spec/canonical.txt",
  "verification_endpoint": "https://report.agenticrail.nz",
  "updated": "2026-06-07",

  "keys": [
    {
      "kid": "k2_2026-06-07_ed25519",
      "status": "active",
      "use": "sig",
      "valid_from": "2026-06-07",
      "signature_alg": "Ed25519",
      "signature_encoding": "base64",
      "third_party_verifiable": true,
      "public_key_spki_b64": "MCowBQYDK2VwAyEA1ejM0xb/nkaPO8NhNWtXHOpqR1BgYqAOLWqig02FZdI=",
      "jwk": {
        "kty": "OKP",
        "crv": "Ed25519",
        "x": "1ejM0xb_nkaPO8NhNWtXHOpqR1BgYqAOLWqig02FZdI",
        "use": "sig",
        "alg": "EdDSA",
        "kid": "k2_2026-06-07_ed25519"
      }
    },
    {
      "kid": "k1_2026-02-22_01",
      "status": "legacy",
      "use": "sig",
      "valid_from": "2026-02-22",
      "retired": "2026-06-07",
      "signature_alg": "hmac-sha256",
      "signature_encoding": "hex",
      "third_party_verifiable": false,
      "note": "Symmetric HMAC-SHA-256. Receipts under this key_id predate the Ed25519 cutover (2026-06-07). No public key exists for a symmetric secret, so these receipts cannot be verified offline by a third party — verify them via the report endpoint. This entry is listed for key_id resolution and completeness only; it carries no key material. These receipts remain valid and tamper-evident when checked through the report endpoint; only the offline-verifiability property differs."
    }
  ],

  "jwks": {
    "keys": [
      {
        "kty": "OKP",
        "crv": "Ed25519",
        "x": "1ejM0xb_nkaPO8NhNWtXHOpqR1BgYqAOLWqig02FZdI",
        "use": "sig",
        "alg": "EdDSA",
        "kid": "k2_2026-06-07_ed25519"
      }
    ]
  }
}
