Crovia Seal · Trust Root · v1

The Crovia Trust seal issuer.

Public Ed25519 key, machine-readable trust root, self-signed manifest. Pin out-of-band.

What this subdomain is

This subdomain serves the trust root for seals issued by Crovia Trust under the Crovia Seal v1 specification. The product home, with full documentation and adoption paths, is at croviatrust.com/registry/seal/.

Endpoints

/trust-root.json — the canonical trust root document (issuer URN, public key, validity, spec, anchor metadata)
/trust-root.sig.json — detached self-signature over the trust root for tamper detection

Verifying offline (3 lines)

from crovia_seal import load_public_key
import json, urllib.request, hashlib

raw  = urllib.request.urlopen("https://seal.croviatrust.com/trust-root.json").read()
sig  = json.load(urllib.request.urlopen("https://seal.croviatrust.com/trust-root.sig.json"))
root = json.loads(raw)
pub  = load_public_key(root["issuer"]["pubkey"])
pub.verify(bytes.fromhex(sig["signature_hex"]), raw)   # raises InvalidSignature on tamper

Pin our public key out-of-band

For first-trust use, pin the issuer pubkey via this published value:

b6149a4278a9e66fc08dba86929a0ff0f6c50d610701f597a8e390c67a28d949

This same value is mirrored at github.com/croviatrust/crovia-seal/…/trust-root.public.hex for cross-channel verification.

For the full Crovia Seal product page (spec, ref impls, adoption paths, browser extension, transparency log) see croviatrust.com/registry/seal/.