QStrike — verify any signed event
Verify any QStrike-signed event
Three steps. Public key, captured SSE envelope, openssl. No proprietary tooling required.
Fetch the public key
The qstrike streaming subdomain publishes the active signing public key at /api/stream/public-key. Save it locally in PEM form.
curl https://stream.qtonicquantum.com/api/stream/public-key > qstrike-pubkey.pemCapture the SSE event
Save the JSON envelope of any QStrike SSE event you want to verify. The envelope ships with .signature and .payload fields.
# Save the captured SSE event JSON locally
# event.json must contain a .signature field (base64-encoded ECDSA-P256-SHA256)
# and a .payload field (the signed canonical payload string)Verify the signature
Run openssl dgst against the saved public key. Exit code 0 with output "Verified OK" confirms the event was signed by the QStrike streaming key.
echo -n "$(jq -r .payload event.json)" \
| openssl dgst -sha256 \
-verify qstrike-pubkey.pem \
-signature <(jq -r .signature event.json | base64 -d)What gets signed
Signature surface
- Every SSE event envelope from stream.qtonicquantum.com.
- Algorithm: ECDSA-P256-SHA256.
- Public key fingerprint visible at /api/stream/fingerprint for out-of-band confirmation.
Reference implementation
Where the verifier lives
Reference Python verifier verify_gates.py ships in the qstrike-engine repository and is available on request.
npm-published CLI shipping in next release: @qtonicquantum/qstrike-verify.
Per-bundle attestation chain (engine code hash plus per-provider job IDs plus calibration snapshots) ships in the next release. Today’s verification surface is per-event-envelope only.
Why this matters
Zero-trust verification
- Buyers verify any signed event without QStrike’s involvement.
- Cryptographic proof of audit-trail integrity, independent of the QStrike runtime.
- Forms the substrate for downstream bundle-level attestation in the next release.
Want the reference verifier?
Leave an address and we will send the current Python verifier and notify you when the npm-published CLI ships.