← Back to portal

Auditor Guidelines

1. Scope

• This guideline covers verification of Root-signed registry documents and PX-TL evidence artifacts (SCT, STH, proofs).
• It does not cover end-user environments, SBOM correctness, vulnerability triage, or product quality claims.

2. Inputs

• Evidence pack produced by the Wedge (receipt(s), report, optional submission archive).
• Registry documents (Root-signed): /v1/operator.json, /v1/policy.json, /v1/fee-schedule.json, /v1/registry-manifest.json.
• Trust store snapshot (Root-signed): /v1/trust-store.json.
• Optional: attachable snapshot /v1/px-tl/registry-health (includes audit_evidence).

3. Canonical JSON requirement

When verifying signatures, the verifier MUST compute the message bytes as UTF-8 encoding of the canonical JSON of the payload object:

• Object keys sorted lexicographically (ascending).
• No whitespace outside JSON string escaping.
• Array order preserved.

4. Root signature verification (registry documents)

For any Root-signed document { payload, signature }:

• The verifier MUST verify signature.sig_alg == "ed25519".
• The verifier MUST compute msg = UTF8(canonical_json(payload)).
• The verifier MUST verify Ed25519Verify(root_public_key, msg, signature.signature_b64u).

Pinned Root Public Key (raw32 base64url)

vKYG_q1FzMc3_mkDierRVA5HOdG7SIO-vw98NWwsQEg

5. Issuer and log keys (trust store)

• The verifier MUST obtain /v1/trust-store.json and validate its Root signature.
• The verifier MUST treat issuer keys as authoritative only when listed as ACTIVE in the validated trust store snapshot.
• The verifier MUST treat log public keys (PX-TL logs) as authoritative only when listed as ACTIVE in the validated trust store snapshot.

6. SCT verification (PX-TL)

An SCT object has the fields:

{
  "v": "PXTL-SCT v1",
  "log_id": "...",
  "issuer_id": "...",
  "leaf_hash": "<base64url>",
  "timestamp_utc": "<ISO8601 UTC>",
  "mmd_sec": 600,
  "signature_b64u": "<base64url>"
}

6.1 Leaf hash binding

The verifier MUST confirm that leaf_hash binds to the claimed evidence input. For the reference implementation:

leaf_hash = B64u( SHA256( UTF8("PXTL1|" + canonical_hash_hex) ) )

6.2 SCT signature

The verifier MUST compute the unsigned SCT object by removing signature_b64u, then sign/verify the message:

msg = UTF8("PXTL-SCT1." + canonical_json(sct_unsigned))

The verifier MUST validate the signature using the log public key for sct.log_id from the validated trust store.

6.3 Timeliness and revocation handling

• The verifier SHOULD enforce timeliness checks consistent with the declared mmd_sec and the surrounding evidence timestamps.
• If an issuer key is later revoked, the verifier SHOULD treat evidence issued prior to a declared revocation timestamp as valid historical evidence, and evidence issued after that moment as invalid. Where a revocation timestamp is published, it MUST be applied mechanically.

7. Merkle proofs (optional)

When inclusion or consistency proofs are required, the verifier MAY use the operational endpoints:

• GET /v1/px-tl/sth?log_id=<id>
• GET /v1/px-tl/proof/inclusion?log_id=<id>&leaf_hash=<b64u>&tree_size=<n>
• GET /v1/px-tl/proof/consistency?log_id=<id>&first=<m>&second=<n>

8. Attachable registry evidence

For audit and change-control attachments, the verifier SHOULD attach the audit_evidence block returned from:

GET https://px-root-registry.org/v1/px-tl/registry-health

9. Reference verifier implementation

https://github.com/px-root-registry/px-strict-verifier