Editorial framework — to be reviewed by a lawyer
This page describes how the verification chain works in practice. It is not legal advice; it does not replace a formal compliance attestation reviewed by counsel.
Cryptographic verification, end-to-end
Every evidence pack is signed at the moment it is produced. You can verify the signature, the manifest, and the audit chain anchor offline — without trusting our servers.
Signature — Ed25519
Each evidence pack is signed by the GA Flight authority service using an Ed25519 keypair. The public key is published at /api/authority/public-key; the private key never leaves the signing host. The signature covers the manifest hash, not the raw files — so a single-bit change to any file in the pack invalidates the signature without requiring a re-download.
Manifest hash — SHA-256
The manifest is a JSON document listing every file in the pack with its SHA-256 content hash, byte size, and intended MIME type. The signature covers the manifest, and the manifest covers each file individually — so a single-bit flip in any file invalidates the manifest hash and therefore the signature.
Audit chain anchor
The signing event itself is appended to the organisation audit chain (a hash chain over `audit_log` rows). The chain link is exposed as `chain_hash_prefix` + `prev_hash_prefix` on the row that records the pack creation. To prove the pack was issued at the time we say it was, anchor those prefixes to a third-party timestamp (e.g. an OpenTimestamps proof, or a screenshot in your records management).
Offline-verify CLI
A POSIX-shell script that reproduces the three checks above without trusting our servers. Download it from /verify/cli/offline-verify.sh, then run `bash offline-verify.sh path/to/pack.zip`. Requires only `openssl`, `jq`, and `unzip` — no Node, no Python, no GA Flight binary. Source code MIT-licensed.
How signoffs are signed
Every training signoff embedded in a verified record carries its own Ed25519 signature, issued by the student's flight school under that school's per-organisation signing key. The public verify page above validates every signoff individually — a third party never needs to trust our platform's signature alone.
Each signoff includes the syllabus item code, the signing instructor, the date, and a SHA-256 hash of the canonical payload. The Ed25519 signature mathematically binds the signature to that exact content. Editing the notes invalidates the signature; revocations are themselves signed and append-only.
Verify offline without contacting our servers
The downloaded pilot pack zip includes an offline-verify.sh script. Requires openssl (>= 1.1.1) and jq.
unzip pilot-pack.zip -d pack/ cd pack/ chmod +x offline-verify.sh ./offline-verify.sh
What this does NOT prove
Verification proves that the bytes you have now match what we signed, and that we hold the private key associated with the published public key. It does not prove that the underlying flights, training events, or compliance records were correctly logged at the source — that is a procedural-controls question outside the chain.