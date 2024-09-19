Cloudflare’s Key Transparency Auditor validates Log audit proofs and provides a signature for them. The Log can then distribute these signatures to its end-users, and provides users with confidence that keys have not been tampered with.

In order to verify our work, you can use Plexi ↗, a CLI tool that allows anyone to perform proof verification locally via a public API.

Features

Verify authenticity of a signature, to confirm it has been signed by a given public key

Verify the validity of facebook/akd ↗ proofs

proofs List Logs an Auditor monitors

Installation

Environment CLI Command Cargo ↗ (Rust 1.76+) cargo install plexi

Usage

Use the --help option for more details about the commands and their options.

Terminal window plexi [OPTIONS] <COMMAND>

Configure your auditor remote

plexi does not come with a default remote auditor, and you will need to choose your own.

You can do so either by passing --remote-url=<REMOTE> or setting the PLEXI_REMOTE_URL environment variable.

A common remote is provided below:

Name Remote Cloudflare https://plexi.key-transparency.cloudflare.com

If you have deployed your own auditor, you can add a remote by filing a GitHub issue ↗.

List monitored Logs

An auditor monitors multiple Logs at once. To discover which Logs an auditor is monitoring, run the following:

Terminal window plexi ls --remote-url 'https://plexi.key-transparency.cloudflare.com' whatsapp.key-transparency.v1

Audit a signature

The Key Transparency Auditor vouches for Log validity by ensuring epoch uniqueness and verifying the associated proof.

plexi audit provides information about a given epoch and its validity. It can perform a local audit to confirm the auditor behaviour.

For instance, to verify WhatsApp Log auditted by Cloudflare Auditor, run the following: