Artefact Integrity and Trust
Cryptographic integrity verification, digital signing, trust-on-first-use certificate management, and optional encryption for artefact packages shared between workspaces.
Three Layers of Integrity
Every artefact package includes three independent integrity mechanisms that work together to ensure content has not been tampered with.
Certificate Tiers
NeoArc Studio supports two certificate tiers, each suited to different organisational contexts.
The TOFU Trust Model
TOFU works like SSH host key verification. The trust store lives at governance/certificate-store.json within the workspace.
If a previously trusted signer's certificate changes unexpectedly, the import ceremony flags this as a potential security concern - the same way SSH warns about changed host keys.
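The TOFU decision described above, as an added example rather than NeoArc Studio's own code. The store layout (a `signers` map with a `fingerprint` field), the function names and the sample certificate bytes are assumptions; the page does not show the schema of governance/certificate-store.json.

```python
import hashlib
import json

# Hypothetical store layout: {"signers": {signer_id: {"fingerprint": sha256-hex}}}.
# The real schema of governance/certificate-store.json is not shown on the page.

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()

def tofu_check(store: dict, signer_id: str, cert_der: bytes) -> str:
    """Classify a signer certificate against the trust store without modifying it."""
    pinned = store.get("signers", {}).get(signer_id)
    if pinned is None:
        return "first-use"   # unknown signer: ask the importer before pinning
    if pinned["fingerprint"] == fingerprint(cert_der):
        return "trusted"     # same certificate as the one pinned earlier
    return "changed"         # pinned signer, different certificate: stop and flag

def pin(store: dict, signer_id: str, cert_der: bytes) -> None:
    """Record a fingerprint after explicit approval; never overwrite silently."""
    signers = store.setdefault("signers", {})
    if signer_id in signers:
        raise ValueError(f"{signer_id} is already pinned; remove the old pin deliberately")
    signers[signer_id] = {"fingerprint": fingerprint(cert_der)}

def demo() -> list:
    # Constructed sample bytes standing in for DER certificates.
    cert_v1 = b"constructed-sample-certificate-1"
    cert_v2 = b"constructed-sample-certificate-2"
    store = json.loads('{"signers": {}}')
    results = [tofu_check(store, "alice@example.org", cert_v1)]      # never seen
    pin(store, "alice@example.org", cert_v1)                         # importer approved
    results.append(tofu_check(store, "alice@example.org", cert_v1))  # matches the pin
    results.append(tofu_check(store, "alice@example.org", cert_v2))  # certificate swapped
    return results

if __name__ == "__main__":
    print(demo())
```

Keeping `pin` separate from `tofu_check` means a changed certificate can never replace the stored fingerprint as a side effect of verification.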
Encryption Tiers
Artefacts can optionally be encrypted for secure transport. The manifest, signature, and provenance remain readable even when the payload is encrypted, so the recipient can verify the signer before decrypting.
| Tier | Method | Use Case |
|---|---|---|
| None | Plaintext payload | Internal sharing on trusted networks |
| Symmetric | AES-256-GCM with PBKDF2 key derivation | USB transfer, email, shared drives - passphrase shared out of band |
| Certificate | RSA-OAEP recipient encryption | Targeted sharing where only the intended recipient can decrypt |
Verification During Import
The import ceremony performs verification in a strict sequence. Each step must pass before the next begins. The visual ceremony shows each check as it completes, so the importer has full confidence in the integrity of the content before accepting it into their workspace.