If someone clones your repo, copies your branding, fakes a Twitter account in your name · fallshield is the cryptographic proof that the real you signed the real build.
"A keypair you generate in 2 seconds. The public half goes on your hub. The secret half stays on your machine. Every tool you ship gets signed. Anyone can verify. Impersonators cannot fake the signature without your secret key."
Click GENERATE. Your browser creates an Ed25519 keypair. Secret key never leaves this page — copy it somewhere safe (a password manager, paper, fallvault).
Generate a key above first. Then type a message. Sign produces a signature. Verify confirms it's yours.
<script src="https://sjgant80-hub.github.io/fallshield/fallshield-shim.js"></script>
<script>
const kp = await FallShield.generate();
const sig = await FallShield.sign('hello world', kp.secretKey);
const ok = await FallShield.verify('hello world', sig, kp.publicKey);
console.log('valid?', ok);
</script>
Once you have a keypair, you publish your public key + identity card somewhere everyone can find it (your hub, your GitHub profile, your LinkedIn). The card is just JSON:
{
"kind": "fallshield/identity",
"v": "1.0.0",
"name": "Simon Gant",
"publicKey": "<base64 ed25519 public key>",
"issued": "2026-05-30T22:00:00Z",
"seal": "◊·κ=1",
"prime": 379,
"hub": "https://www.ai-nativesolutions.com",
"github": "sjgant80-hub"
}
Now anyone can fetch your card, grab your public key, and verify any signed artifact you ship. Impersonators can't fake the signature without your secret key — even if they clone every public byte you've ever published.
| Threat | fallshield response |
|---|---|
| Someone forks your repos and rebrands as themselves | Original signed releases verify · clones don't |
| Spoofed Twitter / LinkedIn / FB account in your name | Real account links to your public key + card |
| Phishing tool pretending to be your sovereign build | Tool's manifest is signed · users check signature on download |
| Modified version of your tool with malware injected | Signature breaks · users see the warning |
| "Did this person really write this?" | Anyone can verify with your public card in 1 second |
Every sovereign tool in the estate adopts the shield pattern:
ai-nativesolutions.com/.fallshield-identity.jsonThis compounds with the existing Konomi Ed25519 audit-chain pattern already in your estate (tasks 32-44). fallshield extends it from transaction-level to identity-level.
Konomi signs actions inside your tools (transaction audit chain). fallshield signs the tools themselves + your identity. They mesh.
Yes · one master + per-tool sub-keys is recommended. Master signs sub-keys' identity cards. Master stays in cold storage (paper + fallvault). Sub-keys do daily work.
Rotate · publish a new public key signed by the old one (revocation pattern). The estate updates in 24 hours via the registry.
Standard since 2018 · used by SSH, Tor, Signal, age, minisign. WebCrypto added native support in 2023. Faster than RSA, smaller signatures, no entropy hazard at sign-time.
MIT · part of AI Native Solutions · source