Certificate Transparency

Every public key registration is appended to a tamper-evident Merkle tree. Anyone can verify that a device was registered — without seeing the payload. Analogous to HTTPS certificate transparency logs.

Persistent log — survives relay restarts Hashes are written to disk (/data/ct-log.json) on each registration and reloaded on startup. No payload content is ever stored — only cryptographic hashes. The log resets only when the relay volume is deleted.

—

Log entries

—

Registered relays

—

Transfer proofs

—

Merkle Root

—

Relay

—

Last Entry

Verify a hash

# Leaf Hash Tree Hash Device Hash Timestamp

Loading log…

—