Quantum‑Sign Verification Output
The `verify --json` command emits a structured report suitable for tooling.
Example
{
"status": "ok",
"alg": "mldsa-87",
"digest_alg": "sha512",
"domain": "quantum-sign-v1",
"canonical": true,
"m": 1,
"n": 1,
"kids_total": 1,
"kids_verified": 1,
"verified_kids": ["<KID>"]
"policy_hash_hex": "<hex>",
"file_digest_hex": "<hex>",
"qsig_size": <bytes>,
"message": null,
"creator": "Anubis Quantum Cypher",
"display_name": "Anubis Quantum Cypher"
}
Notes
- `canonical` is true only if re-encoding the `.qsig` exactly matches the input bytes.
- `verified_kids` lists the KIDs (derived from SPKI) that matched embedded signatures, one-to-one.
- `m`, `n`, and kid counts are enforced against the claims embedded in the signature.
- Verification is fully offline; the trust store is a directory of `.spki` files named by KID.
- If present, `creator` and `display_name` are signer-provided metadata, cryptographically bound in the signed claims.