Sigstore adapter
Artifact claim
Artifactproofnet-node-0.1.0.tar.gz
Signermailto:release@blockietalkie.co
Rekor bodyhashedrekord/v0.0.1
Artifact digestsha3-512:3f2a...c814
Signer digestsha3-512:9db0...1a46
Inclusioncheckpoint verified
C2PA adapter
Content claim
Assetproofnet-demo-2026.png
ProducerBlockie Talkie LLC
Manifestc2pa.assertions valid
Asset digestsha3-512:4a76...fc4f5
Manifest digestsha3-512:57ee...ffc8f
Signerx509 chain bound
Normalized packet
Different adapters, same proof record.
Sigstore and C2PA evidence each resolve into the same Proofnet packet shape. A verifier does not need to understand upstream service internals to replay the record.
{
"type": "proofnet_artifact_provenance_packet_v0",
"attesto_type": "artifact_provenance",
"identity_layer": {
"sigstore": { "signer_subject": "mailto:release@blockietalkie.co", "signer_digest": "sha3-512:9db0...1a46", "rekor_inclusion": "verified" },
"c2pa": { "producer": "Blockie Talkie LLC", "manifest_digest": "sha3-512:57ee...ffc8f", "assertions": "valid" }
},
"artifact_digest": "sha3-512:3f2a...c814",
"proofnet_pq_algorithm": "ML-DSA-87",
"canonical_digest": "SHA3-512",
"native_record": "proofnet_memory_block_first",
"optional_external_anchor": "bitcoin",
"public_safe": true
}
Why identity first
A build artifact without a signer is just a file.
01
Signer identity
The signer is validated as an identity under Proofnet AttestoBind before the artifact is accepted.
02
Artifact state
The artifact digest and release metadata are canonicalized into an accepted record.
03
PQ binding
SHA3-512 digest, ML-DSA-87 signature, identity-bound provenance record.
04
Durable proof
Memory Blocks preserve the record; Bitcoin anchoring is optional and opt-in.