For independent review
Security review — one-page index
This page exists so cryptographers, pentesters, and procurement reviewers can step through ArcaKey’s security artifacts in a defined order and file findings against a known baseline.
- Step 01
§9 lists what this draft does not yet prove.
- Step 02Read the threat model (v0.1).
§3 lists in-scope adversaries; §4 lists out-of-scope adversaries.
- Step 03Read the TEE attestation reference.
§4 explains how to verify an evidence artifact offline.
- Step 04
The Sovereign activation gate.
- Step 05Download a signed attestation sample.
Verify the ArcaKey binding signature with the published pubkeys.
- Step 06Review security.txt.
File findings against the disclosure policy.
Reviewer contact. Cryptographers and pentesters with questions or preliminary findings should email security@arcakey.ai. We acknowledge within 1 business day and triage within 5.