{
  "profile_id": "manifest_signature",
  "version": "1.0.0",
  "published": "2026-06-29",
  "name": "Apeiris Manifest Signature Profile",
  "description": "Specifies the algorithm, canonicalization method, and verification procedure for cryptographic integrity assertions on Apeiris domain control matrix manifests and individual dataset files. Consumers who require strong integrity guarantees MUST perform these checks before relying on any Apeiris control matrix in an automated compliance or enforcement pipeline.",
  "status": "live",
  "normative_anchor": {
    "standard": "RFC 8785 \u2014 JSON Canonicalization Scheme (JCS)",
    "url": "https://www.rfc-editor.org/rfc/rfc8785",
    "signing_algorithm": "Ed25519 (EdDSA over Curve25519)",
    "hash_algorithm": "SHA-256"
  },
  "artifact_integrity": {
    "description": "Each domain control matrix JSON file carries a SHA-256 content hash in manifest.json under domains[N].sha256. This hash is computed over the raw bytes of the domain JSON file as served. JCS canonicalization is reserved for the in-design manifest signature (see manifest_signature below); the per-domain file hashes cover raw content and are recomputable by any consumer over HTTPS.",
    "hash_scope": "raw file bytes",
    "hash_algorithm": "SHA-256",
    "encoding": "lowercase hex string",
    "field_in_manifest": "domains[N].sha256",
    "verification_steps": [
      "Fetch the domain control matrix JSON from the endpoint listed in manifest.json for this domain slug",
      "Compute SHA-256 over the raw response bytes",
      "Compare the lowercase hex digest to the sha256 value in manifest.json under domains[] for this domain slug",
      "Fail closed if the values do not match"
    ]
  },
  "manifest_signature": {
    "status": "live",
    "description": "manifest.json is signed with an offline Ed25519 key. The signature (manifest.integrity.signature) covers the RFC 8785 (JCS) canonical form of the manifest with integrity.signature removed.",
    "field": "manifest.integrity.signature",
    "algorithm": "ed25519",
    "canonicalization": "RFC 8785 (JCS)",
    "public_key": "integration/keys/manifest-signing-ed25519.pub.json",
    "key_id": "ed25519-1f89c22423ab21b2",
    "verify": "node apeiris-control-core/tests/verify-manifest.mjs (fail-closed; also runs in npm test). Consumers: recompute the JCS canonical manifest minus integrity.signature and Ed25519-verify against the published public key."
  },
  "current_integrity_guarantee": {
    "description": "Manifest signing is live (Ed25519 over the JCS canonical manifest). Consumers should verify the signature against the published public key AND check the per-artifact SHA-256 hashes in artifact_checksums. TLS 1.3 provides transport integrity.",
    "transport_guarantee": "TLS 1.3 over HTTPS with HSTS on apeiris.ai",
    "content_hash_coverage": "all 12 domain control matrices",
    "hash_freshness": "updated on every domain version increment"
  },
  "fail_closed_policy": {
    "recommendation": "In automated compliance pipelines, treat hash or signature verification failure as a blocking condition. Do not proceed with control matrix evaluation if the fetched dataset does not match the expected checksum.",
    "allowed_failures": "none for blocking compliance checks",
    "advisory_mode": "acceptable for exploratory tooling only"
  },
  "canonicalization_reference": {
    "rfc": "RFC 8785",
    "key_rules": [
      "Object members sorted lexicographically by key (Unicode code point order)",
      "No insignificant whitespace",
      "Numbers serialized without trailing zeros or leading zeros (except one before decimal point)",
      "Strings serialized with Unicode escape sequences for control characters",
      "UTF-8 encoding throughout"
    ]
  },
  "meta": {
    "authored_on": "2026-06-29",
    "schema_version": "1.0.0",
    "endpoint": "https://apeiris.ai/integration/profiles/manifest_signature.json"
  }
}
