
Verifying evidence bundles

Verify that an evidence bundle was produced by Tachyonic and has not been tampered with

Overview

Every artifact emitted by a Tachyonic runtime is signed with an Ed25519 key managed by Tachyonic. A small evidence manifest is written alongside the artifact and carries:

  • The SHA-256 of the artifact bytes
  • The signature over that hash
  • The key identifier
  • An optional Rekor transparency-log entry that recorded the signature publicly

The CLI ships a tachyonic verify command that validates the manifest end-to-end. The verifier is fully offline once you have the published public key — your scan data never leaves your machine.

Quick start

tachyonic verify ./tachyon-scan.manifest.json

You can pass any of:

  • a manifest file (*.manifest.json)
  • the artifact file itself (the verifier finds the adjacent manifest)
  • a directory containing both

A passing verification prints:

OK  artifact:    ./tachyon-scan.json
    manifest:    ./tachyon-scan.manifest.json
    sha256:      ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
    key_id:      tachyonic-signing-2026-05
    signed_at:   2026-05-29T10:00:00+00:00
    rekor:       4f2c…b7e1 (logIndex 8123410)
    rekor URL:   https://rekor.sigstore.dev/api/v1/log/entries/4f2c…b7e1

Any of the following fails verification:

  • the artifact bytes don't match the recorded SHA-256 (tampering)
  • the signature doesn't validate against the published public key (forged or wrong key)
  • the manifest's key_id isn't in the published bundle (unknown signer)

The published public key

The active signing public key lives at:

https://tachyonic.sh/.well-known/signing-pubkey.json

Shape:

{
  "keys": [
    {
      "key_id": "tachyonic-signing-2026-05",
      "algorithm": "ed25519",
      "pem": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n",
      "active_from": "2026-05-29"
    }
  ]
}

The bundle lists every key that has ever been used to sign artifacts; retired keys carry a retired_at date. Because old keys stay in the bundle, historical artifacts continue to verify after a rotation.
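To make the checks in the Overview and Quick start sections concrete, here is an added example of a manifest verifier written for this page; it is not Tachyonic's own code. It uses only the Go standard library and assumes the manifest's JSON field names (artifact, sha256, signature, key_id, signed_at), that the Ed25519 signature covers the raw 32-byte SHA-256 digest, and that a signature dated on or after a key's retired_at date should be rejected. The key pair, artifact bytes and manifest are constructed in MakeExample so the program runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
	"time"
)

// Manifest carries the fields the page lists. Field names and the convention that
// the signature covers the raw 32-byte digest are assumptions, not the real schema.
type Manifest struct {
	SHA256    string `json:"sha256"`    // hex digest of the artifact bytes
	Signature string `json:"signature"` // base64 Ed25519 signature over the raw digest
	KeyID     string `json:"key_id"`
	SignedAt  string `json:"signed_at"` // RFC 3339
}

// PublishedKey is one entry of signing-pubkey.json as shown on the page.
type PublishedKey struct {
	KeyID      string `json:"key_id"`
	Algorithm  string `json:"algorithm"`
	PEM        string `json:"pem"`
	ActiveFrom string `json:"active_from"`
	RetiredAt  string `json:"retired_at,omitempty"` // YYYY-MM-DD; empty while active
}

type KeyBundle struct{ Keys []PublishedKey }

// Verify applies the failure conditions the page lists (hash mismatch, unknown
// key_id, bad signature) and then refuses signatures dated on or after retired_at.
func Verify(artifact []byte, m Manifest, bundle KeyBundle) error {
	digest := sha256.Sum256(artifact)
	if hex.EncodeToString(digest[:]) != m.SHA256 {
		return errors.New("artifact bytes do not match recorded sha256 (tampering)")
	}
	var key *PublishedKey
	for i := range bundle.Keys {
		if bundle.Keys[i].KeyID == m.KeyID {
			key = &bundle.Keys[i]
		}
	}
	if key == nil {
		return fmt.Errorf("key_id %q not in published bundle (unknown signer)", m.KeyID)
	}
	block, _ := pem.Decode([]byte(key.PEM))
	if block == nil {
		return errors.New("published key is not valid PEM")
	}
	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	pub, ok := parsed.(ed25519.PublicKey)
	if err != nil || !ok || key.Algorithm != "ed25519" {
		return errors.New("published key is not a parsable Ed25519 key")
	}
	sig, err := base64.StdEncoding.DecodeString(m.Signature)
	if err != nil || !ed25519.Verify(pub, digest[:], sig) {
		return errors.New("signature does not validate against published key (forged or wrong key)")
	}
	if key.RetiredAt != "" {
		signedAt, errS := time.Parse(time.RFC3339, m.SignedAt)
		retiredAt, errR := time.Parse("2006-01-02", key.RetiredAt)
		if errS != nil || errR != nil || !signedAt.Before(retiredAt) {
			return fmt.Errorf("key_id %q retired on %s; signed_at %s is not before that", m.KeyID, key.RetiredAt, m.SignedAt)
		}
	}
	return nil
}

// MakeExample generates a throwaway key and signs a constructed artifact so the
// verifier can run offline; nothing here comes from a real Tachyonic run.
func MakeExample() ([]byte, Manifest, KeyBundle) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // crypto/rand failing is unrecoverable in a sample
	}
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for an Ed25519 key
	artifact := []byte(`{"scan":"constructed sample","findings":0}` + "\n")
	digest := sha256.Sum256(artifact)
	m := Manifest{
		SHA256:    hex.EncodeToString(digest[:]),
		Signature: base64.StdEncoding.EncodeToString(ed25519.Sign(priv, digest[:])),
		KeyID:     "tachyonic-signing-2026-05",
		SignedAt:  "2026-05-29T10:00:00+00:00",
	}
	bundle := KeyBundle{Keys: []PublishedKey{{
		KeyID: m.KeyID, Algorithm: "ed25519", ActiveFrom: "2026-05-29",
		PEM:   string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})),
	}}}
	return artifact, m, bundle
}

func main() {
	artifact, m, bundle := MakeExample()
	fmt.Println("untouched:", Verify(artifact, m, bundle))
	artifact[0] ^= 0xff // flip one byte: the sha256 check must now fail
	fmt.Println("tampered: ", Verify(artifact, m, bundle))
}
```

The order of the checks matters for the error you see: the hash is compared first, so a tampered artifact is reported as tampering even if the signature in the manifest is perfectly valid, and the key_id lookup happens before any cryptography so an unknown signer never reaches the signature check. The retired_at comparison is the check the "What verification does not guarantee" section asks operators to perform by hand.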

Air-gapped or offline verification

If you can't reach tachyonic.sh, save the public key locally and pass it explicitly:

# Save once, anywhere reachable to you
curl -s https://tachyonic.sh/.well-known/signing-pubkey.json \
  | jq -r '.keys[0].pem' > ~/.tachyonic/signing-pubkey.pem

# Verify offline thereafter
tachyonic verify ./tachyon-scan.manifest.json \
  --pubkey ~/.tachyonic/signing-pubkey.pem

You can also point at a private mirror with --pubkey-url.

The Rekor transparency log

When the runtime can reach https://rekor.sigstore.dev, it publishes a hashedrekord entry recording (sha256, signature, public-key). The entry is publicly visible and append-only — it proves the signature existed at the time Rekor accepted it.

If Rekor is unreachable, the manifest is emitted without the entry and verification still succeeds locally; you simply don't get the public-log inclusion proof.

To disable Rekor (e.g. an air-gapped runtime), set TACHYONIC_REKOR_DISABLED=1 on the runner.

What verification does not guarantee

  • It does not prove the scan ran in a specific region or cluster. That's covered by the in-toto attestation predicate in Phase B.
  • It does not prove the substrate ran a clean build. That's SLSA provenance, Phase C.
  • It does not protect against a compromised signing key. Key rotation and revocation are the operator's responsibility; check the published bundle's retired_at dates before trusting an old key_id.

What it does guarantee: the artifact bytes are exactly what Tachyonic signed, and the signer held the private key matching the published public key.
