Back to blog
Security
HMAC-SHA256 receipts in v0
4 min read
We use HMAC-SHA256 for receipt signatures in v0. Future versions may add optional asymmetric signing for non-repudiation.
V0 receipts are signed with a server-side HMAC key. That gives integrity and authenticity for your own audit and tooling. We're considering optional asymmetric (e.g. Ed25519) signing in a later version for third-party verification.