Tenzro
Identity

KERI Compatibility.

KERI gives self-certifying identifiers persistent control through key rotation rather than re-registration. Autonomous Machine identities can publish a KEL that third-party KERI verifiers resolve — inception commits to the current keys and to digests of the next keys, so a compromise of today's keys cannot rotate the identifier.
STATUS
Testnet
CRATE
tenzro-identity::keri
DIGEST
SHA-256 (CESR code `S`)
TYPE
Identity
01

Event kinds

icp  Inception (sequence 0). Genesis event.
rot  Rotation. Reveals pre-committed next keys, commits to the round after.
ixn  Interaction. Anchors arbitrary data; key state inherited.
02

Pre-rotation

Each event commits to next_key_digests: Vec<[u8; 32]>. A valid rotation must reveal signing keys whose SHA-256 digests match the previous event's pre-commitment.

03

SAID derivation

SAID = "S" + base64url(SHA-256("tenzro/keri/said" || canonical_event_with_said_field_set_to_"#"))
Related
← All docs