AT-1 Entropy Attestation

Prove your RNG is sound — signed, ledger-logged, re-checkable.

“Prove your keys come from a sound random source” has no clean answer in the PKI stack — x509 signs identity, not RNG quality, and a battery report is a static PDF nobody can re-verify. Entropy Attestation is the artifact AT-1 is uniquely positioned to issue: it runs the weak-RNG audit, then emits an Ed25519-signed certificate that binds the audited source, the verdict and the signer — and logs it to a hash-chained, Certificate-Transparency-style ledger. No new x509 invented — just the one trust artifact the audit makes possible.

Subscription SKU
$149/month

Entropy Attestation is billed on the same rng_audit feature entitlement as the RNG Auditor — gated like AT-1's other licensed engines, metered per attestation against your connected account. Cancel anytime in Stripe.

Launch price, set live in Stripe (changeable without redeploy). Until the price is configured the button shows Contact sales — it blocks no one.

Audit, then attest

It runs the AT-1 weak-RNG audit on a key/token source first — recover the generator if it's weak, confirm it resists known attacks if it's sound. Only a source that passes earns an attestation.

Ed25519-signed certificate

The attestation binds three things under one signature: the SHA-256 of the exact audited source, the audit verdict, and the signer's identity. Swap the source, forge the verdict, or present a different key, and verification fails.

Logged to a hash-chained ledger

Each attestation can be appended to a tamper-evident, Certificate-Transparency-style ledger — an append-only record of who attested what, when. The badge is re-checkable, not self-asserted.

Re-checkable by anyone

Hand over the public key and the source; the verifier re-runs the audit and checks the signature and the source hash. A 'keys audited' badge that survives an auditor's independent re-check.

What an attestation binds together
  • The SHA-256 of the exact audited source — so the source can't be swapped after the fact.
  • The audit verdict (BROKEN / WEAK / PASS) and the recovered generator, if any.
  • An Ed25519 signature over all of it, optionally appended to a tamper-evident ledger.

Verification re-runs the audit on the same source and checks the signature and the source hash. Forge the verdict, swap the source, or present a different signer, and it fails.
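The source binding and the hash chain described above, as an added example that is not AT-1's code: the field names, the ledger layout and the all-zero genesis value are assumptions, and the Ed25519 signature is left out so the sketch needs only the Python standard library.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "previous hash" for the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_entry(ledger: list, source: bytes, verdict: str, signer: str) -> dict:
    body = {
        "source_sha256": sha256_hex(source),  # binds the exact audited source
        "verdict": verdict,                   # BROKEN / WEAK / PASS
        "signer": signer,
        "prev": ledger[-1]["entry_hash"] if ledger else GENESIS,
    }
    entry = dict(body, entry_hash=sha256_hex(canonical(body)))
    ledger.append(entry)
    return entry


def verify_ledger(ledger: list) -> int:
    """Return -1 if the chain holds, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if body.get("prev") != prev:
            return i  # link to the previous entry is broken
        if sha256_hex(canonical(body)) != entry.get("entry_hash"):
            return i  # entry contents were edited in place
        prev = entry["entry_hash"]
    return -1


def source_matches(entry: dict, source: bytes) -> bool:
    return entry["source_sha256"] == sha256_hex(source)


if __name__ == "__main__":
    ledger = []  # constructed sample data, not real audit output
    append_entry(ledger, b"tok-a\ntok-b\n", "PASS", "signer-1")
    append_entry(ledger, b"tok-c\ntok-d\n", "WEAK", "signer-1")
    ledger[1]["verdict"] = "PASS"           # forged verdict
    print(verify_ledger(ledger))            # index of the tampered entry
```

A chain check alone catches in-place edits; a signature over each attestation is what stops someone without the signing key from rewriting an entry and every entry after it.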

One command surface

Make a signer keypair, issue a signed attestation over a source (logged to a ledger), and let anyone re-check it with just the public key and the source.

# 1) a signer keypair — the entity vouching for the audit
at1 entropy-attest keygen --out-key signer.key --out-pub signer.pub

# 2) audit a token/key source and ISSUE a signed attestation, logged to a ledger
at1 entropy-attest issue tokens.txt --signing-key signer.key \
  --out attestation.json --ledger attestations.at1

# 3) anyone with the public key + the source can RE-CHECK it
at1 entropy-attest verify attestation.json --pubkey signer.pub --target tokens.txt
#   -> verified: true   (forged verdict / swapped source / wrong key -> false)
at1 entropy-attest verify-ledger attestations.at1   # the hash chain holds

Illustrative example. Sample commands — output shown is not from a real run.

PKI signs identity. This signs that your randomness is sound.

Entropy Attestation does not replace SSL or x509 — it composes with them. It is the trust artifact the PKI stack doesn't issue: a signed, source-bound, re-checkable certificate that a random source passed the audit.

Approach | Signed | Audits the RNG source | Re-checkable
  • x509 / PKI certificate: signs identity, not RNG soundness — it never audits the random source (partial)
  • Randomness battery report (PDF): states a verdict, but a static document can't be re-verified or bound to the exact source (partial)
  • Self-asserted 'keys audited' badge: a claim with nothing behind it — no signature, no source binding, no re-check
  • AT-1 Entropy Attestation: audits the source, signs the verdict, binds the source hash, and logs it to a re-checkable ledger

Who this is for

  • CAs & HSM vendors — issue a re-checkable certificate that the RNG seeding your keys is sound.
  • IoT & device makers — attest per-device key entropy at provisioning time: supply-chain trust that survives a re-check.
  • Compliance teams — a “keys audited” badge that an auditor can independently re-verify, not take on faith.
  • Platform teams — run it in CI or via the self-hostable at1 audit-service endpoint, with every attestation logged to the ledger.

Composes with the rest of AT-1

Entropy Attestation is the audit, an Ed25519 signature, and the ledger — three things AT-1 already ships — bound into one re-checkable badge.

Honest scope

An attestation is only as strong as the audit beneath it: it certifies that a source resisted the known attacks and looks random at audit time — not that it is provably cryptographically secure for all time. AT-1 does not replace SSL, x509 or your PKI; it adds the one trust artifact those don't issue — a signed, re-checkable certificate of RNG soundness, bound to the exact source.

Issuing an attestation is metered against a connected account on the RNG-audit subscription.