Skip to main content
IDevSec LogoIDevSec
< Back to Docs

Creduent Cryptography

The cryptographic foundations of AI agent trust.

1. Ed25519 Digital Signatures

Creduent utilizes the Ed25519 elliptic curve signature scheme. This provides extreme performance (essential for high-throughput AI agent-to-agent communication) alongside robust security margins. Keys are short (32 bytes), signatures are compact (64 bytes), and verification is deterministic.

2. JSON Canonicalization (JCS)

Because AI agents exchange JSON metadata, we must ensure that the payload exactly matches the signed bytes, regardless of whitespace or key ordering. Creduent enforces RFC 8785 (JSON Canonicalization Scheme - JCS). Before an agent signs its agent.json, the payload is stringified using JCS, ensuring absolute consistency across platforms (Python, Node.js, Go).

3. DNS Binding & Anchoring

Cryptography alone only proves that a key signed a document. To bind that key to a real-world entity, Creduent leverages the Domain Name System (DNS). The public key must be placed in a TXT record at _creduent.domain.com. By combining DNS domain validation with an Ed25519 signature, Creduent achieves a robust, decentralized root of trust without needing a centralized Certificate Authority (CA).

verified_userCREDUENTextensionIDENTABARbusinessSERVICESinfoABOUTworkCAREERSsendCONTACT