OpenChainGraph Suite · ART-130 · wave 24

HTTP Signatures Directory Validator

Validate the /.well-known/http-message-signatures-directory JWKS: well-known path correct, all keys OKP/Ed25519, keyid from Signature-Input resolves to a key in the directory. Agent fetches the directory and supplies the JSON — zero network in-tool.

RFC 9421Web Bot AuthJWKSWell-knownW3C VC §13.11Zero PIIClient-side only

🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.

Scope

Stage 2 of the agent-identity-verification chain (art-129→130→131). Validates the JWKS at /.well-known/http-message-signatures-directory: path matches exact string, every key has kty=OKP and crv=Ed25519, and the keyid supplied from the Signature-Input header resolves to an entry. Pass the directory JSON fetched externally by the orchestrating agent. Feeds the Signature Agent Card validator (art-131).

Presets

Well-Known Path must be /.well-known/http-message-signatures-directory

Keyid from Signature-Input header keyid parameter

Directory JWKS JSON from the well-known endpoint

Result

Execution Hash & §4 Artifact

SHA-256 execution hash (JCS canonical — RFC 8785):

Chain Handoff → art-131

Pass execution_hash as parent_hashes[0] when calling validate_signature_agent_card (art-131) to complete the agent-identity-verification chain.