CERTCRYPT Node

Official issuer-side node for CERTCRYPT bundle lifecycle, capacity commitments, and bundle submission.

CERTCRYPT is infrastructure that makes certification independently verifiable under public rules. Selected artifacts can reach Independent through Proof of Independence, a structural result, so later verification no longer depends on the issuer's live systems.

certcrypt-node is the local operational component that lets an issuer aggregate issuance activity into bundles, close those bundles, and submit them to CERTCRYPT infrastructure so selected artifacts can later reach Independent.

certcrypt-node does not decide whether certificate content is true, legally valid, or factually correct. Local node state is operational and subordinate: it is not a source of semantic truth, authoritative capacity state, or proof validity.

Note

Pre-launch.

CERTCRYPT is currently in controlled pre-launch.

This repository is being prepared as the public home for certcrypt-node. Source code, implementation notes, and operational examples will be released progressively as the public specifications and node integration contracts stabilize.

The current repository content is intentionally minimal. It establishes the public scope, licensing, security process, and terminology boundary for the node before implementation artifacts are released.

Role

certcrypt-node encapsulates the local complexity of the path from issuer-side activity to bundle_submission.

It is intended to handle:

• local bundle opening and closure
• bundle journal persistence
• retry and idempotency around submission
• capacity commitment material loaded by the issuer
• canonical Merkle construction for bundle contents
• preparation of bundle_submission
• local assembly of verification material when applicable

The issuer remains responsible for its own issuance logic, custody of original material, and any business or legal claims made by the underlying certificate.

Architecture Direction

certcrypt-node is Rust-first and intended to be distributed as a single operational binary.

The planned structure is:

• crates/core/ for reusable primitives such as journal, Merkle, capacity verification, and bundle envelope logic
• crates/node/ for the HTTP server, dispatch, persistence, and upstream submission
• crates/cli/ for operational commands such as status, export, listing, and retention tasks

The node is designed for both:

• single-contract operation, where one node instance serves one CERTCRYPT contract
• multi-contract operation, where one node instance serves multiple isolated contracts

Both modes must produce the same public semantics for equivalent inputs. Verification of Independent must not depend on the continued availability of the node.

CERTCRYPT boundary

• not a claim of factual truth
• not a validator of correctness
• not a custodian of documents
• not blockchain notarization
• not a trust badge

Boundary of this node

• not a verifier
• not a source of proof validity
• not a document custody system
• not a long-term archive for issuer data
• not a replacement for the issuer's own issuance system
• not an authority that validates semantic truth or legal validity
• not a way to convert local capacity estimates into authoritative consumption

Public Specifications

Public specifications and technical documentation will be published at:

https://docs.certcrypt.com

The public website is available at:

https://certcrypt.com

License

Copyright © 2025-2026 CERTCRYPT.

Licensed under the Apache License, Version 2.0. See LICENSE for the full text.

Contact

Website: https://certcrypt.com
Docs: https://docs.certcrypt.com
Blog: https://blog.certcrypt.com
Open source: opensource@certcrypt.com