{"title":"TrustFlash audit checkpoint — offline verification","summary":"Each checkpoint is an Ed25519 signature over a canonical byte representation of (tenant_id, chain_head_hash, event_count, checkpoint_at, prev_checkpoint_id). To verify a checkpoint, reconstruct the canonical bytes, then verify the signature with the platform public key.","canonical_form":"trustflash/v1|<tenant_id>|<chain_head_hash>|<event_count>|<checkpoint_at_iso>|<prev_checkpoint_id_or_GENESIS>","encoding":"UTF-8 bytes","signature_encoding":"Base64 (RFC 4648)","key_format":"SubjectPublicKeyInfo PEM (RFC 5280)","steps":["GET /v1/public/trustflash/public-key — pin the public_key_pem","Reconstruct canonical bytes per canonical_form above","Base64-decode the signature","Use any Ed25519 library to verify"],"python_example":"from cryptography.hazmat.primitives import serialization\nfrom cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey\nimport base64\npub = serialization.load_pem_public_key(pem_bytes)\nmsg = f'trustflash/v1|{tenant}|{head}|{count}|{ts}|{prev}'.encode()\npub.verify(base64.b64decode(signature), msg)  # raises InvalidSignature on bad sig\n","ref_libraries":["cryptography (Python)","libsodium (C/many bindings)","openssl 3+"]}