Detached PKI · COSE_Sign1 · Ed25519

Cold credentials for sensitive identity & medical data.

Issue tamper-evident credentials encoded as compact ZADA: QR strings. Verify online or fully offline against a signed trust bundle.

Multi-tenant PKI

Each issuer is bound to an Ed25519 keypair and X.509 thumbprint. Keys never leave the server boundary.

ZADA pipeline

Claims → CBOR → COSE_Sign1 → ZLIB → Base45 → ZADA: prefix. Standards-compliant, scanner-ready.

Offline verification

Trust bundle endpoint emits a signed CBOR registry — verify without network connectivity.

Issuance pipeline

Cold, compact, cryptographically detached.

  • Payload claims are CBOR-encoded for size & determinism.
  • COSE_Sign1 wraps the bytes with alg=EdDSA, kid, and x5t#S256 headers.
  • ZLIB compresses; Base45 makes it QR-safe; ZADA: prefix marks the format.
  • QR is rendered Level H into an A4 PDF for printing.

Sample envelope

ZADA:6BFOXN%TS3DH3ZSUZK+.V0ETD%65NL-AH-R6IO
OK*P*BEAS00DI3D8.V0/00CCF*0LP-2QZTYM7QZ.0
A78R/RNI8/DRQVRLI4RQH3R5O+2:JEVJ9R0JE2JF
9R...

alg: EdDSA (-8)
format: COSE_Sign1
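
The transport half of the pipeline described above (ZADA: prefix, Base45, ZLIB), as an added example that is not the project's own code. It assumes Base45 per RFC 9285 and a zlib stream per RFC 1950; the function names and the 64 KiB inflate cap are assumptions, and the inner bytes are a constructed stand-in, so CBOR parsing and COSE_Sign1 signature verification are not shown.

```python
import zlib

B45 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ $%*+-./:"  # RFC 9285 alphabet
PREFIX = "ZADA:"
MAX_INFLATED = 64 * 1024  # assumed cap; the page states no size limit
SAMPLE = b"constructed stand-in for COSE_Sign1 bytes"  # not a real credential

def b45encode(data: bytes) -> str:
    out = []
    for i in range(0, len(data), 2):
        chunk = data[i:i + 2]
        n = int.from_bytes(chunk, "big")
        for _ in range(3 if len(chunk) == 2 else 2):  # 2 bytes -> 3 chars, 1 -> 2
            n, r = divmod(n, 45)
            out.append(B45[r])
    return "".join(out)

def b45decode(text: str) -> bytes:
    if len(text) % 3 == 1:
        raise ValueError("invalid Base45 length")
    out = bytearray()
    for i in range(0, len(text), 3):
        group = text[i:i + 3]
        try:
            n = sum(B45.index(c) * 45 ** k for k, c in enumerate(group))
        except ValueError:
            raise ValueError("character outside Base45 alphabet") from None
        size = 2 if len(group) == 3 else 1
        if n >= 256 ** size:  # e.g. ":::" decodes past 0xFFFF
            raise ValueError("Base45 group out of range")
        out += n.to_bytes(size, "big")
    return bytes(out)

def wrap(cose_bytes: bytes) -> str:
    return PREFIX + b45encode(zlib.compress(cose_bytes, 9))

def unwrap(qr_text: str) -> bytes:
    if not qr_text.startswith(PREFIX):
        raise ValueError("missing ZADA: prefix")
    d = zlib.decompressobj()
    try:  # inflate at most cap+1 bytes so a decompression bomb cannot exhaust memory
        raw = d.decompress(b45decode(qr_text[len(PREFIX):]), MAX_INFLATED + 1)
    except zlib.error as exc:
        raise ValueError(f"bad zlib stream: {exc}") from None
    if len(raw) > MAX_INFLATED or d.unconsumed_tail:
        raise ValueError("inflated payload exceeds cap")
    if not d.eof or d.unused_data:
        raise ValueError("truncated stream or trailing data")
    return raw
```

The bytes returned by `unwrap` are still untrusted input until the COSE_Sign1 signature has been checked against a key from the trust bundle.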