JWKS
The JSON Web Key Set (JWKS) endpoint exposes Elydora's public signing keys. Use these keys to independently verify Elydora Acknowledgement Receipts (EARs) and Epoch Root signatures without trusting the API.
Get JWKS
GET
/.well-known/elydora/jwks.json
Retrieve Elydora's public signing keys in JWKS format. No authentication required.
This endpoint is publicly accessible and requires no authentication. It follows the standard JWKS format defined in RFC 7517.
Example Request
bash
curl https://api.elydora.com/.well-known/elydora/jwks.jsonResponse
json
{
"keys": [
{
"kty": "OKP",
"crv": "Ed25519",
"kid": "elydora-signing-key-001",
"x": "base64url-encoded-public-key...",
"use": "sig",
"alg": "EdDSA"
}
]
}Verification Usage
To verify an Elydora signature (on an EAR or EER), fetch the JWKS, find the key matching the elydora_kid from the receipt, and verify the Ed25519 signature against the receipt hash.
typescript
// Fetch Elydora's public keys
const jwks = await fetch('https://api.elydora.com/.well-known/elydora/jwks.json');
const { keys } = await jwks.json();
// Find the key matching the receipt's kid
const key = keys.find(k => k.kid === receipt.elydora_kid);
// Verify the signature using Ed25519
const isValid = await crypto.subtle.verify(
'Ed25519',
publicKey,
signature,
receiptHash
);