Independent verifier for AqtaCore attestation receipts. Verifies the Ed25519 signature on an attestation receipt without trusting any third-party server. Reference implementation of ATTESTATION-v1.
Project description
aqta-verify-receipt
Independent verifier for AqtaCore attestation receipts. Checks the Ed25519 signature on an enforcement-attestation receipt using only the published public key: no dependency on Aqta's servers.
Why this exists
AqtaCore returns a signed receipt with every AI enforcement decision. Regulators, auditors, and internal compliance teams need to verify those receipts independently, without trusting the issuer. This package is the reference implementation of that verifier, maintained by Aqta under the open ATTESTATION-v1 format specification.
Install
pip install aqta-verify-receipt
One dependency: cryptography, for constant-time Ed25519 verification.
Usage
from aqta_verify_receipt import verify_receipt, fetch_published_public_key
# ONE-TIME, on first use of this library in your environment.
trusted = fetch_published_public_key()
save_to_config(trusted) # file, database, KMS, secret manager
# EVERY VERIFICATION: load the pinned value, do not re-fetch.
trusted = load_from_config()
result = verify_receipt(receipt, trusted_public_key=trusted)
if not result.valid:
raise ValueError(f"Receipt invalid: {result.reason}")
⚠️ Pin the public key. Do not re-fetch on every call.
fetch_published_public_key() performs a live HTTPS fetch. Calling it
inside a verification loop collapses the trust model back to "trust the
issuer's server right now", which is exactly what this format is
designed to avoid.
The correct pattern is:
- Fetch once, on first use.
- Persist the result (configuration, database, KMS, secret manager).
- Pass the persisted value as
trusted_public_keyon every verification thereafter. - Rotate only when you receive a documented key-rotation notice via a channel you already trust.
Re-fetching the key on every verification is a misuse.
API
verify_receipt(receipt, *, trusted_public_key=None, strict_fields=True) → VerifyResult
Verifies an attestation receipt against the declared (or pinned) public key.
trusted_public_key: base64url public key. If set, the receipt'spublic_keyfield must match byte for byte. Strongly recommended for production.strict_fields(defaultTrue): any unknown top-level field causes rejection, per ATTESTATION-v1 §4. See "Forward compatibility" below.
Returns a VerifyResult with fields valid: bool and
reason: Optional[str]. Never raises.
fetch_published_public_key(url=..., *, timeout=10.0) → str
Fetches the AqtaCore public key from
https://app.aqta.ai/security/pubkey.txt. Pass a custom URL for
self-hosted issuers. Pin the result; see the warning above.
Forward compatibility
strict_fields=True (the default) rejects any receipt containing a
field not defined in the version of the spec this library was built
against. This is the correct behaviour for a security-critical
verifier: a receipt containing an unknown field may carry
attacker-controlled metadata that downstream systems should not treat
as signed evidence.
ATTESTATION-v1 versioning policy:
- Patch versions of the spec (v1.0.x): clarifications only, no field changes. Your verifier keeps working.
- Minor versions of the spec (v1.x.0): may add new optional
fields. A v1.0-era verifier will reject v1.1 receipts under
strict_fields=True. Upgrade the verifier, or setstrict_fields=Falseto let forward receipts through the signature check. Cryptographic verification still holds in both cases; only the structural-allowlist check is relaxed. - Major versions (vN.0, N ≥ 2): breaking changes; upgrade required.
Set strict_fields=False only if your compliance team has reviewed
the forward-compatibility trade-off.
Test vectors
A conformance suite for this library (6 valid + 8 invalid receipts, each documenting one specific behaviour) lives in the spec repository:
- Vectors:
test-vectors/ - Reproducible generator:
test-vectors/generate.py
If your verifier disagrees with any vector, please file an issue on Aqta-ai/attestation-spec.
Receipt format
See ATTESTATION-v1.
Security issues
Please do not open public GitHub issues for cryptographic vulnerabilities. See SECURITY.md.
Licence
Apache-2.0.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file aqta_verify_receipt-1.0.2.tar.gz.
File metadata
- Download URL: aqta_verify_receipt-1.0.2.tar.gz
- Upload date:
- Size: 7.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
45ee05088871365bbddac8464d595e11894e68f54319fac538ac60bd1a06bfa8
|
|
| MD5 |
ed88ef2f70fa1e12375a687fc25a515a
|
|
| BLAKE2b-256 |
390e2fa173e924fc257761593388f57b5334f2bc6d83da220ca1bbff4e2a6bb5
|
File details
Details for the file aqta_verify_receipt-1.0.2-py3-none-any.whl.
File metadata
- Download URL: aqta_verify_receipt-1.0.2-py3-none-any.whl
- Upload date:
- Size: 7.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b2d97b18f9bb872679ef605277d08660234eb7efe57b490d53685fa3cc50c97a
|
|
| MD5 |
84796da61006ab6e5186b89fab114142
|
|
| BLAKE2b-256 |
ca0e08400fc372adcc69475556078656d45c9740147000c98d344211c1a36263
|
