Skip to main content

Offline, dependency-light validator for AlgoVoi signed compliance evidence — auto-detects signed receipts, signed-chain streams, and evidence packs. Falcon-1024 / RFC 8785 (JCS), public key only. No AlgoVoi code, no service, no secret.

Project description

algovoi-validate

Don't trust AlgoVoi — verify it yourself. A standalone, offline validator for AlgoVoi signed compliance evidence. Its entire trust base is two public libraries — no AlgoVoi code, no secret key, no running service, no network.

pip install algovoi-validate

It re-derives every Falcon-1024 (FN-DSA-1024) signature and SHA-256 hash-link itself, from the published public key alone. If it prints VERIFIED, the evidence is genuine and unaltered; change a single byte and it fails at exactly that entry.

Use — auto-detect

Drop an AlgoVoi artifact; it identifies the type and validates it:

algovoi-validate <path>                     # auto-detect
algovoi-validate <path> <public_key.b64>    # ...for a bare receipt/chain

An evidence pack embeds its public key. A bare receipt or signed chain also takes the signer's published public key.

Artifact Detected from Needs a public key?
Evidence pack (directory) *_chain.json + public_key.b64 no (embedded)
Signed chain (JSON array) array of signed envelopes yes
Single receipt (file) one signed envelope yes

Explicit subcommands

algovoi-validate pack <pack_dir>
algovoi-validate receipt <receipt.txt> <public_key.b64>
algovoi-validate chain <chain.json> <public_key.b64>

Exit code is 0 iff everything verifies.

What it checks

  • Falcon-1024 / FN-DSA-1024 signatures over RFC 8785 (JCS) canonical bytes, using the published public key only.
  • Hash-linked chains — sequence, prev-hash linkage, and head, so a tampered, reordered, or removed entry is caught at exactly that point.
  • Evidence packs — every signed chain in the pack, plus the trusted-timestamp binding (each timestamp's message imprint equals the hash of the archive receipt it stamps).

Library use

from algovoi_validate import autodetect, verify_pack, verify_chain, verify_receipt

Licence

Apache-2.0. Pairs with the production / custody side of AlgoVoi Records Vault; this verifier is free and always will be.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

algovoi_validate-0.1.1.tar.gz (10.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

algovoi_validate-0.1.1-py3-none-any.whl (11.3 kB view details)

Uploaded Python 3

File details

Details for the file algovoi_validate-0.1.1.tar.gz.

File metadata

  • Download URL: algovoi_validate-0.1.1.tar.gz
  • Upload date:
  • Size: 10.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for algovoi_validate-0.1.1.tar.gz
Algorithm Hash digest
SHA256 e0ccc641d55105990d9c85661e79a882d54c3a9d8c2ba8d9a1ec057a77e4d13e
MD5 825f184e5bb51128c544b74b611b685a
BLAKE2b-256 2766d813325a23a1a243377a13840f8a550d6c59d1159b7763c4ac35462ff8ea

See more details on using hashes here.

File details

Details for the file algovoi_validate-0.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for algovoi_validate-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 8bd02a009f8c2203cce60ba24730d72442c2bff9e833690052eea737ca2a215e
MD5 0c5c517a87f02d494a3765e117c54730
BLAKE2b-256 4f57db49ddbf58e778e18440d34e22fd5b0ae116d1a4ff5f3fc58d22a9e2fd49

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page