Create a local ES256 or Ed25519 passkey identity and export a shareable public key when needed.
Passkey-backed document integrity
Offline proof for documents that need to stay trustworthy.
Use Cryptosign to create author identities, sign deliverables, and validate authenticity on the client side. The homepage explains the system. The workspace handles the cryptography.
Keep the original file intact and attach a separate signature for delivery.
Clients can verify authenticity without central servers or account systems.
Why this flow works
Detached signatures without infrastructure lock-in
Authors can publish a public key once, keep the signing key locked inside a local passkey, and hand over the original file plus a detached signature. Clients verify everything locally in the browser with no service dependency.
- All cryptographic operations run on the client side through WebAssembly.
- No account creation or hosted signing service is required.
- Signatures are detached so the original document remains unchanged.
Who it helps
Built for agencies, consultants, studios, and internal ops teams
If you ship contracts, PDFs, reports, firmware notes, or regulated handoff documents, you can use Cryptosign as a lightweight integrity layer without rolling out a heavier PKI stack.
Zero-trust by default
The application can be hosted as static files while still keeping key generation, signing, and verification on the user's device.
Operating model
Three steps from identity to client verification
Generate an identity
Create a fresh passkey identity, choose ES256 or Ed25519, and publish the generated public key as a PEM `.pub` file.
Sign the document
Load the source file and private key to produce a detached signature file named after the original document.
Verify the handoff
Open the workspace, provide the document, signature, and public key, and confirm the integrity state immediately.