fallshield ·κ=1

SOVEREIGN ED25519 IDENTITY · PROVE IT'S REALLY YOU
ED25519WEBCRYPTOBROWSER-NATIVENO DEPSMIT

If someone clones your repo, copies your branding, fakes a Twitter account in your name · fallshield is the cryptographic proof that the real you signed the real build.

"A keypair you generate in 2 seconds. The public half goes on your hub. The secret half stays on your machine. Every tool you ship gets signed. Anyone can verify. Impersonators cannot fake the signature without your secret key."

Live · generate a keypair right now

◊ keypair generator

Click GENERATE. Your browser creates an Ed25519 keypair. Secret key never leaves this page — copy it somewhere safe (a password manager, paper, fallvault).

Live · sign a message + verify it

◊ sign · verify roundtrip

Generate a key above first. Then type a message. Sign produces a signature. Verify confirms it's yours.

Drop into ANY sovereign tool · 2 lines

<script src="https://sjgant80-hub.github.io/fallshield/fallshield-shim.js"></script>
<script>
  const kp = await FallShield.generate();
  const sig = await FallShield.sign('hello world', kp.secretKey);
  const ok = await FallShield.verify('hello world', sig, kp.publicKey);
  console.log('valid?', ok);
</script>

The identity card pattern

Once you have a keypair, you publish your public key + identity card somewhere everyone can find it (your hub, your GitHub profile, your LinkedIn). The card is just JSON:

{
  "kind": "fallshield/identity",
  "v": "1.0.0",
  "name": "Simon Gant",
  "publicKey": "<base64 ed25519 public key>",
  "issued": "2026-05-30T22:00:00Z",
  "seal": "◊·κ=1",
  "prime": 379,
  "hub": "https://www.ai-nativesolutions.com",
  "github": "sjgant80-hub"
}

Now anyone can fetch your card, grab your public key, and verify any signed artifact you ship. Impersonators can't fake the signature without your secret key — even if they clone every public byte you've ever published.

Why this exists · the impersonation defense

Threatfallshield response
Someone forks your repos and rebrands as themselvesOriginal signed releases verify · clones don't
Spoofed Twitter / LinkedIn / FB account in your nameReal account links to your public key + card
Phishing tool pretending to be your sovereign buildTool's manifest is signed · users check signature on download
Modified version of your tool with malware injectedSignature breaks · users see the warning
"Did this person really write this?"Anyone can verify with your public card in 1 second

Estate ripple

Every sovereign tool in the estate adopts the shield pattern:

This compounds with the existing Konomi Ed25519 audit-chain pattern already in your estate (tasks 32-44). fallshield extends it from transaction-level to identity-level.

FAQ

What's the difference from Konomi?

Konomi signs actions inside your tools (transaction audit chain). fallshield signs the tools themselves + your identity. They mesh.

Can I have multiple keypairs?

Yes · one master + per-tool sub-keys is recommended. Master signs sub-keys' identity cards. Master stays in cold storage (paper + fallvault). Sub-keys do daily work.

What if I lose my secret key?

Rotate · publish a new public key signed by the old one (revocation pattern). The estate updates in 24 hours via the registry.

Is Ed25519 the right curve?

Standard since 2018 · used by SSH, Tor, Signal, age, minisign. WebCrypto added native support in 2023. Faster than RSA, smaller signatures, no entropy hazard at sign-time.

License

MIT · part of AI Native Solutions · source

◊·κ=1   prime 283   v20.1 · phi=1.618 · kappa=0.618   the signature compounds