DE

CORTEX INTEGRITY LAYER

Every CORTEX publication
is cryptographically verifiable.

Cloud Professionals signs every CORTEX publication with Ed25519 (minisign). No third party required — just you, the public key, and an open-source tool.

What is the CORTEX Integrity Layer?

The CORTEX Integrity Layer is the cryptographic infrastructure underlying our research process. It ensures the integrity of every published document — Deep Dives, sector reports, and benchmarks — from the moment of publication.

Technical Safeguards

  • Each document receives a SHA-256 content hash immediately upon creation and is signed with a private Ed25519 key (minisign).
  • Signature and artifact are immutably archived on WORM-protected object storage (Cloudflare R2, Object Lock for 7 years).
  • A co-generated, equally signed sources manifest documents every source used, including the exact retrieval timestamp.
  • Each week, a Merkle root is computed across all publications of that calendar week. The weekly roots are continuously chained — any retroactive change to a single document invalidates the root of the affected week and all subsequent weeks.

Auditability and Verifiability

The infrastructure is designed such that CFO-level stakeholders, board members, and internal as well as external auditors can independently verify every publication — without our involvement and without access to our systems.

  • The corresponding public key is openly published (/.well-known/integrity/cortex-v1.pub).
  • The cryptographic primitives used (Ed25519, SHA-256, minisign) are established open-source standards.
  • The full verification process is documented; a step-by-step guide follows directly below.

The CORTEX Integrity Layer thereby turns our research output into an independently verifiable audit primitive — precisely the quality that governance, compliance, and external audit parties can expect from a professional research and publication organisation, and one rarely delivered elsewhere.

Download the Public Key

Ed25519 · RFC-5785 compliant cortex-v1.pub
Download Public Key →

Or directly via CLI: curl -O https://www.cloudprofessionals.biz/.well-known/integrity/cortex-v1.pub

Verification Guide (3 Steps)

01

Install minisign

# macOS
brew install minisign

# Ubuntu / Debian
apt install minisign

# Windows (Scoop)
scoop install minisign
02

Download the artifact and signature

Each publication carries the .minisig URL in its <meta name="cortex-signature-ref"> tag. 

curl -O https://www.cloudprofessionals.biz/en/deep-dives/<insight-slug>/
curl -O <cortex-signature-ref-URL>
03

Verify the signature

minisign -V -p cortex-v1.pub -m <insight.html> -x <insight.minisig>

Expected output: Signature and comment signature verified

FAQ

What is signed?

The content of every publication is cryptographically bound to a unique signature. Additionally, a sources manifest is signed, documenting every source used, including the exact retrieval timestamp. Both signatures are immutably archived.

How is signing performed?

The private signing key is exclusively controlled; unauthorized access is structurally excluded. The corresponding public key is permanently open to inspection.

How long are artifacts archived?

Seven years, immutable and tamper-proof. The direct link to the signature is embedded in every document.

Where is the key backup?

The key is independently and redundantly protected against loss; the recovery process is documented and verified. Should the key ever be lost, all existing artifacts remain permanently verifiable with the published public key.

How do I report a suspicious artifact?

Please contact [email protected] directly. Every report is reviewed and documented without delay.

Integrity Contact

Questions about verification, key material, or the integrity infrastructure: [email protected]