GAFAIG PUBLIC KEY

Public verification key for GAFAIG signed verification proof

GAFAIG uses a public verification key to allow external systems to validate signed AI governance certification surfaces. The public key verifies that a GAFAIG signed verification proof payload was signed by GAFAIG and has not been altered.

Algorithm: Ed25519
Public Key Endpoint: /api/.well-known/gafaig-public-key
Canonical Payload: proof.messageString

HOW VERIFICATION WORKS

Signed verification proof makes certification independently verifiable

Each GAFAIG verification surface response includes a canonical messageString and signature. External systems fetch the public key, verify the signature against the exact messageString, and then evaluate lifecycle and eligibility fields.

Fetch the public verification surface response from /api/verify/{registryId}.
Read proof.messageString exactly as returned.
Read proof.signature and proof.verificationKeyUrl.
Fetch the GAFAIG public key and validate the signature.
Trust only certification surfaces that are certified, active, public, and eligible.
Never reconstruct messageString from JSON fields.

PUBLIC KEY ENDPOINT

Fetch the GAFAIG public key

The public key endpoint exposes the verification key used by external systems to validate GAFAIG signatures.

curl https://www.gafaig.com/api/.well-known/gafaig-public-key

VERIFY ENDPOINT

Fetch a signed verification payload

The verify endpoint returns the public certification surface, proof object, signature, messageString, and public key URL for a GAFAIG certification surface.

curl https://www.gafaig.com/api/verify/GAFAIG-00000001

CANONICAL RULE

Verify the exact messageString

Independent verification depends on the exact signed payload. Any change to whitespace, ordering, timestamp format, escaping, or field values invalidates the signature.

Verification MUST use:

proof.messageString
proof.signature
proof.verificationKeyUrl

Do not reconstruct the payload from record fields.

TRUST CLAIM RULE

When a GAFAIG certification surface may be cryptographically trusted

A downstream system may display a trusted GAFAIG certification surface claim only when the signature validates and the record satisfies the public governance trust contract.

Signature validates successfully against proof.messageString.
certificationStatus is CERTIFIED.
lifecycleStatus is active.
visibilityStatus is public.
verificationEligible is true.
badgeEligible is true.

FAIL SAFE

If verification fails, do not trust the certification surface

If messageString is missing, the signature is missing, the key is unavailable, or signature validation fails, external systems must treat the certification surface as invalid or unavailable.

Missing messageString means verification is invalid.
Missing signature means no cryptographic proof is available.
Public key failure means verification is unavailable.
Signature mismatch means payload integrity failed.
Expired certification surfaces must not be shown as currently active.
Revoked certification surfaces must not be shown as cryptographically trusted.
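
The verification steps, trust claim rule and fail-safe rule above, combined into one check as an added example (not GAFAIG's own code). It assumes a base64 signature, a raw 32-byte base64 public key, trust fields at the top level of the verify response and an absolute verificationKeyUrl; the key pair and messageString are constructed so the block runs offline.

```javascript
// Added example, not GAFAIG code. Assumed (not stated on the page): base64 signature,
// raw 32-byte base64 public key, top-level trust fields, absolute verificationKeyUrl.
const crypto = require("crypto");

const KEY_URL = "https://www.gafaig.com/api/.well-known/gafaig-public-key";
const SPKI_PREFIX = Buffer.from("302a300506032b6570032100", "hex"); // Ed25519 SPKI header
const CONTRACT = { certificationStatus: "CERTIFIED", lifecycleStatus: "active",
  visibilityStatus: "public", verificationEligible: true, badgeEligible: true };
const deny = (reason) => ({ trusted: false, reason });

function loadKey(rawKeyB64) {
  const raw = Buffer.from(String(rawKeyB64 || ""), "base64");
  if (raw.length !== 32) throw new Error("unexpected key length");
  return crypto.createPublicKey({ key: Buffer.concat([SPKI_PREFIX, raw]), format: "der", type: "spki" });
}

// Returns { trusted, reason }; every path except a full pass fails safe.
function evaluateSurface(response, rawKeyB64) {
  const proof = (response && response.proof) || {};
  if (typeof proof.messageString !== "string") return deny("invalid: messageString missing");
  if (typeof proof.signature !== "string" || !proof.signature) return deny("no proof: signature missing");
  // Pin the key location; a URL taken from the response alone is not a trust anchor.
  if (proof.verificationKeyUrl !== KEY_URL) return deny("unavailable: unexpected key URL");
  let key;
  try { key = loadKey(rawKeyB64); } catch { return deny("unavailable: public key failure"); }
  const sig = Buffer.from(proof.signature, "base64");
  // Verify the bytes exactly as returned; never re-serialize messageString.
  const ok = sig.length === 64 && crypto.verify(null, Buffer.from(proof.messageString, "utf8"), key, sig);
  if (!ok) return deny("integrity failed: signature mismatch");
  for (const [field, want] of Object.entries(CONTRACT)) {
    if (response[field] !== want) return deny(`not trusted: ${field} is ${response[field]}`);
  }
  return { trusted: true, reason: "signature valid and trust contract satisfied" };
}

// Constructed sample: a throwaway key pair stands in for the GAFAIG key, and the
// messageString layout is invented for the demo.
function buildSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const rawKeyB64 = publicKey.export({ format: "der", type: "spki" }).subarray(12).toString("base64");
  const messageString = '{"registryId": "GAFAIG-00000001", "certificationStatus": "CERTIFIED"}';
  const signature = crypto.sign(null, Buffer.from(messageString, "utf8"), privateKey).toString("base64");
  const proof = { messageString, signature, verificationKeyUrl: KEY_URL };
  return { rawKeyB64, response: { ...CONTRACT, proof } };
}

const sample = buildSample();
console.log(evaluateSurface(sample.response, sample.rawKeyB64));
```

The signature covers only messageString, so the status fields checked afterwards are authenticated only to the extent that the signed string carries the same values.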
Release: dev
Governance verification engine executed on Snowflake (deterministic scoring, registry snapshots, and public verification views)