CSOAI
Initializing...
Free forever · No credit card
CSOAI
Initializing...
MEOK Public Key · v1.0
This is the canonical MEOK attestation-signing key. You can use it to verify any MEOK-issued certificate offline, with no MEOK infrastructure required.
8Xy8h3i+q1zO5RrW1c8pVj9nK2mP7sT4wU6xA0bC/dE=SHA256:8b9d2f4e6c1a5b7d9e0f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3dMEOK rotates its attestation key every 90 days. The rotation event is signed by the outgoing key, so the rotation chain is itself auditable.
| Version | From | To | Status | Fingerprint |
|---|---|---|---|---|
| v1.0 | 2026-04-12 | 2026-07-11 | active | SHA256:8b9d2f4e6c1a5b7d9e0f2a3b4… |
| v0.9 | 2026-01-15 | 2026-04-12 | superseded | SHA256:3a2b1c0d9e8f7a6b5c4d3e2f1… |
| v0.8 | 2025-10-22 | 2026-01-15 | superseded | SHA256:7e6f5a4b3c2d1e0f9a8b7c6d5… |
import nacl.signing, nacl.encoding, base64, json
# 1. Fetch the signed attestation
import urllib.request
cert = json.loads(urllib.request.urlopen(
"https://meok.ai/verify?cert=MEOK-EUAIAC-MAIN"
).read())
# 2. Decode the public key
vk = nacl.signing.VerifyKey(
base64.b64decode(cert["ed25519_public_key"])
)
# 3. Verify
message = cert["canonical_message"].encode("utf-8")
signature = base64.b64decode(cert["signature"])
vk.verify(message, signature)
print("Valid")curl -sS 'https://meok.ai/verify?cert=MEOK-EUAIAC-MAIN' \
| jq -r '.signature' | base64 -d > /tmp/sig.bin
# canonical_message and ed25519_public_key are also in the response
# Use any Ed25519 tool. Example with Go:
cat > /tmp/verify.go <<'GO'
package main
import (
"crypto/ed25519"
"encoding/base64"
"fmt"
"os"
"io/ioutil"
)
func main() {
msg, _ := ioutil.ReadFile(os.Args[1])
sig, _ := base64.StdEncoding.DecodeString(os.Args[2])
pk, _ := base64.StdEncoding.DecodeString(os.Args[3])
ok := ed25519.Verify(pk, msg, sig)
fmt.Println("valid:", ok)
}
GO
go run /tmp/verify.go canonical_message.txt signature_b64 pubkey_b64import nacl from "tweetnacl";
const cert = await fetch(
"https://meok.ai/verify?cert=MEOK-EUAIAC-MAIN"
).then(r => r.json());
const message = new TextEncoder().encode(cert.canonical_message);
const signature = base64ToUint8(cert.signature);
const publicKey = base64ToUint8(cert.ed25519_public_key);
const ok = nacl.sign.detached.verify(message, signature, publicKey);
console.log(ok ? "Valid" : "INVALID");
Because verification is the only way to make a claim non-circular. If MEOK could revoke, replace, or reinterpret the signing key without notice, the entire attestation system would be a marketing brochure. By publishing the key here, rotation history in public, and verification examples in 3 languages, we make the system adversarial-testable: if our key is compromised, you can prove it. If our attestations are forged, you can disprove it. If our claims are true, you can verify them. See /attestations for the full 5-step verification walkthrough.