Generate keys, sign files, and verify integrity offline.
This workspace keeps the operational flows separate: create an identity, sign the original document, or validate a signature package provided by an author.
Author identity generation
Create a passkey on this device and extract the matching public key for sharing with clients and auditors.
Security note: the private key never leaves the device. Signing requires this local passkey and biometric approval.
Share this PEM-encoded public key on your website, contract, or client portal. Download it as a `.pub` file for easier reuse.
This local catalog tracks passkeys created by Cryptosign in this browser so the signer can pair OS-selected credentials with the correct public key. It does not contain any private keys.
Author signing workflow
Drop the original document and let the OS show the available passkeys for this domain. After selection, Cryptosign pairs the chosen credential with its matching public key when possible.
Cryptosign no longer preselects one credential. When you click Sign, the browser or OS chooser will list discoverable passkeys for this domain.
The WebAuthn signature package has been produced locally and is ready to save as a detached `.sig` file.
Client verification workflow
Provide the original file, detached signature package, and author's public key to validate authenticity.
Paste the author's PEM `.pub` key exactly as published. Raw Base64 keys are also accepted for compatibility.
Paste the JSON signature package or load the generated `.sig` file.
Awaiting verification input
Load the document, signature, and public key to run an offline authenticity check.