Identity
KERI Compatibility.
KERI gives self-certifying identifiers persistent control through key rotation rather than re-registration. Autonomous Machine identities can publish a KEL that third-party KERI verifiers resolve — inception commits to the current keys and to digests of the next keys, so a compromise of today's keys cannot rotate the identifier.
- STATUS
- Testnet
- CRATE
- tenzro-identity::keri
- DIGEST
- SHA-256 (CESR code `S`)
- TYPE
- Identity
01
Event kinds
icp — Inception (sequence 0). Genesis event.
rot — Rotation. Reveals pre-committed next keys, commits to the round after.
ixn — Interaction. Anchors arbitrary data; key state inherited.02
Pre-rotation
Each event commits to next_key_digests: Vec<[u8; 32]>. A valid rotation must reveal signing keys whose SHA-256 digests match the previous event's pre-commitment.
03
SAID derivation
SAID = "S" + base64url(SHA-256("tenzro/keri/said" || canonical_event_with_said_field_set_to_"#"))Related