🔐 Sign & Verify
Build cryptographic trust for AI agents using signatures, certification, and delegated authority
The Agent Trust Problem
❌ Without Trust Verification
• Agents can't verify content authenticity
• Easy to spoof or tamper with feeds
• No traceability of data origins
• Vulnerable to injection attacks
• Enterprise agents refuse to act
✅ With Cryptographic Trust
• Agents verify signatures before acting
• Tamper-proof content guarantee
• Full audit trail and provenance
• Protection against malicious feeds
• Enterprise-grade security compliance
🎯 Bottom Line: Agents need to trust your content before they'll act on it. Cryptographic signatures provide mathematical proof of authenticity and integrity.
Trust Hierarchy: From Zero to Enterprise
Unsigned
No guarantee of authenticity
Signed
Cryptographic proof of origin
Certified
Third-party validation
Delegated
Authority-backed identity
Recommended Trust Levels by Use Case
📄 Documentation: Signed (traceability)
🔑 API Credentials: Certified (mandatory)
🏥 Healthcare Data: Certified (compliance)
💰 Financial APIs: Certified (regulations)
🧪 Personal Experiments: Delegated (friction-free)
🌍 Public Content: Signed (authenticity)
Asymmetric Cryptography for Humans
Two keys, one purpose: prove authenticity without sharing secrets
Private Key (Secret)
• Keep it secret: Never share, never expose
• Used to sign: Creates digital signatures
• Your identity: Proves you authored content
• Secure storage: Hardware tokens, key vaults
Public Key (Shared)
• Share freely: Public at /.well-known/public.pem
• Used to verify: Validates signatures
• Agent access: Agents fetch to verify feeds
• Trust anchor: Mathematical proof of authenticity
🔄 The Signature Workflow
1. Create Feed
Structure your .llmfeed.json
2. Sign
Use private key to sign
3. Publish
Serve feed + public key
4. Verify
Agents verify signature
Trust Block Structure
The trust, signature, and certification blocks work together to provide cryptographic proof and third-party validation:
{
"feed_type": "export",
"metadata": {
"title": "API Documentation Export",
"origin": "https://myapi.com/docs",
"created_at": "2025-06-19T10:30:00Z"
},
"content": {
"documentation": "Complete API reference...",
"examples": [...]
},
"trust": {
"trust_level": "certified",
"scope": "full",
"signed_blocks": ["metadata", "content", "trust"],
"public_key_hint": "https://myapi.com/.well-known/public.pem"
},
"signature": {
"algorithm": "ed25519",
"value": "base64-signature-value...",
"created_at": "2025-06-19T10:30:00Z"
},
"certification": {
"certifier": "https://llmca.org",
"model": "identity_validation",
"verification_level": "enterprise",
"value": "base64-certification-value...",
"issued_at": "2025-06-19T10:30:00Z",
"expires_at": "2026-06-19T10:30:00Z"
}
}🔒 Trust Block
• trust_level: self-declared | certified | delegated
• scope: partial | full
• signed_blocks: what's cryptographically protected
✍️ Signature Block
• algorithm: ed25519 (recommended)
• value: base64-encoded signature
• created_at: signing timestamp
🏆 Certification Block
• certifier: trusted authority (LLMCA)
• model: identity_validation
• expires_at: certification validity
Delegated Signing: Friction-Free Onboarding
Not everyone can manage cryptographic keys. Delegated signing provides a bridge for individuals and small teams to participate in the trust ecosystem.
How Delegated Signing Works
1. Identity Challenge
Email, domain, or phone verification
2. LLMCA Signs
Authority key creates signature
3. Identity Linked
Signature tied to verified identity
4. Agent Trust
Lower trust, but still verifiable
✅ Perfect For
• Individual developers learning MCP
• Small teams without PKI infrastructure
• Experimental and prototype feeds
• Educational and tutorial content
• Open source community contributions
⚠️ Limitations
• Lower trust level than self-signing
• Depends on LLMCA infrastructure
• Not suitable for high-security scenarios
• Enterprise agents may require full crypto
• Limited to specific verification methods
{
"trust": {
"trust_level": "delegated",
"scope": "partial",
"signed_blocks": ["metadata"],
"delegation_method": "email_challenge",
"identity_verified": "developer@example.com",
"public_key_hint": "https://llmca.org/.well-known/llmca_authority.pem"
},
"signature": {
"algorithm": "ed25519",
"value": "base64-delegated-signature...",
"created_at": "2025-06-19T10:30:00Z",
"signed_by": "LLMCA Authority"
}
}🚀 Try Delegated Signing
LLMCA provides a delegated signing service for easy onboarding to the trust ecosystem.
Feed Types & Signing Requirements
Different feed types have different security requirements based on their purpose and risk level.
🔴 High Security (Must Sign)
• credential.llmfeed.json: API keys, tokens
• agent-behavior-override: Behavioral modification
• capabilities.llmfeed.json: Service capabilities
• Financial/Healthcare data: Regulated content
🟡 Medium Security (Should Sign)
• mcp.llmfeed.json: Main service discovery
• export.llmfeed.json: Content exports
• Bundle manifests: Archive integrity
• API documentation: Technical specifications
🟢 Low Security (Optional)
• llm-index.llmfeed.json: Feed directories
• manifesto.llmfeed.json: Policy statements
• Public documentation: General information
• Marketing content: Public-facing material
🔵 Experimental (Flexible)
• prompt.llmfeed.json: AI prompts & templates
• session.llmfeed.json: Conversation exports
• Prototype feeds: Development & testing
• Personal projects: Individual experiments
Getting Started: Choose Your Path
🚀 Beginner
• Start with delegated signing
• Email/domain verification
• Perfect for learning & experimenting
💻 Developer
• Generate your own keys
• Self-sign feeds locally
• Full control over signing process
🏢 Enterprise
• LLMCA certification program
• Hardware security modules
• Compliance & audit support
🛠️ Coming Soon: Enhanced Tooling
• No-code signing: Visual interface for signatures
• Key hosting: LLMCA public key hosting service
• SDK improvements: One-line signing integration
• Browser extension: Sign feeds from any page
• CI/CD integration: Automated signing pipelines
• Verification dashboard: Monitor trust status
📧 Want early access? Contact opensource@wellknownmcp.org