acfstandard.io / Developer docs / Security

Doctrine signatures

Every acf-mcp tool output is cryptographically signed. Verify it offline against the ACF® Ed25519 public key and pin it in your audit pipeline for a defensible root of trust.

Tip
Verification needs no network call — the public key is embedded in every acf-mcp npm release. Three canonical reference implementations are provided: Node.js, Python, Go.

Anatomy of a signed output

Every tool output ships with seven traceability fields. The signature is taken over the content hash, not the full output — so a client can render the rationale and the audit trail separately without re-emitting the signature.

signed-footer.json
{
  "doctrine_version": "ACF framework v1.0 / rules 2026-06",
  "doctrine_hash": "sha256:bf0b6d8e4731ebdc58f6d6338702c5b74af47874cf0ad3dc958cde5c5b30b9dc",
  "doctrine_signature": "ed25519:7c9f3a2b8e1d4f6a9b2c5e8d1f4a7b3c6e9d2f5a8b1c4e7d0a3b6c9e2f5a8b1c4e7d0a3b6c9e2f5a8b1c4e7d0a3b6c9e2f5a8b1c4e7d0a==",
  "doctrine_public_key": "MCowBQYDK2VwAyEAojtKfh20SGGV63LMETjZBXRWo2tY0viAYziG/y3/L0s=",
  "doctrine_archive_url": "https://acfstandard.io/doctrine/v1.0/archive.json",
  "regulatory_snapshot": "EU AI Act 2024/1689 · GDPR 2016/679 · ISO 42001:2023 · NIST AI RMF 1.0 · COBIT 2019 — frozen 2026-06",
  "generated_at": "2026-06-14T11:47:22.318Z"
}

The three properties

1. Ed25519

The signature is Ed25519 (RFC 8032), an elliptic-curve signature scheme over Curve25519. It was chosen for: (1) no suspect parameters (no NIST-suspected curves), (2) deterministic signing and constant-time verification, (3) compact sizes (32-byte public key, 64-byte signature). The ACF® public key ships as base64-encoded SPKI (SubjectPublicKeyInfo DER).

2. SHA-256 hash chain

Inside the decision register (sheet ACF-08), each entry embeds the SHA-256 of the previous entry. Rewriting a past entry breaks the chain as soon as it is recomputed. That is what makes the register defensible to an auditor or a court.

3. RFC 3161 qualified timestamping

Each register entry is timestamped by an eIDAS-qualified Time Stamp Authority (e.g. Universign PSCE referenced by France’s ANSSI). This gives every decision a defensible date, verifiable independently of the deployer.

The current public key

The doctrine public key for acf-mcp ≥ 1.1.0:

acf-doctrine-pubkey.txt
MCowBQYDK2VwAyEAojtKfh20SGGV63LMETjZBXRWo2tY0viAYziG/y3/L0s=
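An offline verifier for the footer above, written in Go (one of the three reference languages) as an added example that is not acf-mcp's own code. It assumes the Ed25519 message is the raw 32-byte digest carried in doctrine_hash and that the value after "ed25519:" is standard base64; MakeSignedFooter uses a freshly generated key as a constructed stand-in for the ACF signing key, so it only demonstrates the flow, not the real key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"strings"
)

// Footer holds the signed-footer fields the offline check needs.
type Footer struct{ DoctrineHash, DoctrineSignature, DoctrinePublicKey string }

// VerifyFooter checks a footer against a PINNED base64 SPKI key and the tool output it
// came with. Assumption (not stated on the page): the Ed25519 message is the raw 32-byte
// SHA-256 digest carried in doctrine_hash, and the "ed25519:" value is standard base64.
func VerifyFooter(f Footer, pinnedSPKI string, output []byte) error {
	if f.DoctrinePublicKey != pinnedSPKI { // never trust the key carried in the message
		return errors.New("footer key does not match pinned key")
	}
	der, _ := base64.StdEncoding.DecodeString(pinnedSPKI) // bad base64 fails the parse below
	pub, err := x509.ParsePKIXPublicKey(der)
	edPub, ok := pub.(ed25519.PublicKey)
	if err != nil || !ok {
		return errors.New("pinned key is not an Ed25519 SPKI key")
	}
	sum := sha256.Sum256(output) // recompute so the signature actually binds this output
	if f.DoctrineHash != "sha256:"+hex.EncodeToString(sum[:]) {
		return errors.New("doctrine_hash does not match the output")
	}
	sig, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(f.DoctrineSignature, "ed25519:"))
	if err != nil || len(sig) != ed25519.SignatureSize || !ed25519.Verify(edPub, sum[:], sig) {
		return errors.New("doctrine_signature does not verify")
	}
	return nil
}

// MakeSignedFooter signs output with a freshly generated key standing in for the ACF
// signing key (constructed, not the real key) and also returns the SPKI string to pin.
func MakeSignedFooter(output []byte) (Footer, string) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	der, _ := x509.MarshalPKIXPublicKey(pub)
	spki, sum := base64.StdEncoding.EncodeToString(der), sha256.Sum256(output)
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, sum[:]))
	return Footer{"sha256:" + hex.EncodeToString(sum[:]), "ed25519:" + sig, spki}, spki
}
```

Pin the SPKI string from acf-doctrine-pubkey.txt in your pipeline rather than reading it out of the footer; if the real footer signs a different message encoding, only the line around ed25519.Verify changes.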

See the full history (root rotations, prior versions).

Why this matters

The EU AI Act (Art. 12, Art. 26(6)) requires the deployer to retain event logs for at least six months. Without a cryptographic signature and hash chain, a log can be rewritten before the auditor sees it — making it indefensible. ACF® makes signing and chaining opt-out (on by default) to close that attack surface.