Rainey Laguna Studios
Estudio/ Diario/ Por qué firmamos los objetos
Manifiesto 2026 · 04 · 28 Lectura · 8 min Por Stuart Rainey

YubiKey física que vive en una caja fuerte; una pública, publicada en verify.html de este sitio." data-en="Ed25519 is an elliptic-curve signature scheme. The studio has a key pair: a private key, stored on a physical YubiKey kept in a safe; a public key, published on verify.html of this site.">

data/proofs/<serial>.json; el QR debajo del objeto apunta a verify.html?serial=…." data-en="When a piece is finished, the operator (me) uses the private key to sign a structured JSON document that includes: the SHA-256 hash of the CAD file that was printed, the exact finishing timestamp, the object serial, the print parameters, Lima's weather at that moment (via Open-Meteo), and the public key. The signature is published at data/proofs/<serial>.json; the QR underneath the object points to verify.html?serial=….">

{
  "serial": "0001-MUG-LMJ9T",
  "cad_file_hash": "sha256:9d2a8c4f1e7b6a3d…",
  "fabrication": { "finished_at": "2026-04-23T13:47:00-05:00", "operator": "Stuart John Andrew Rainey" },
  "climate_during_fab": { "lima_weather": "garúa intermitente", "humidity": 86 },
  "manifesto_state_that_day": { "wght": 442, "opsz": 14 },
  "cryptography": {
    "algorithm": "Ed25519",
    "public_key": "3b6a27bcceb6a42d62a3a8d02a6f0d73…",
    "signature": "2c5b8f9a1e4d7c0b3a6f9e2d…"
  }
}

openssl pkeyutl -verify contra la llave pública del estudio y la firma. El veredicto es binario: válida o no." data-en="A person with minimal cryptographic literacy can run openssl pkeyutl -verify against the studio's public key and the signature. The verdict is binary: valid or not.">

YubiKey 5C; la pública vive en /verify.html; los certificados en /data/proofs/; el muro público en el Muro de Gemelos." data-en="Every piece leaving the workshop from June 2026 onward is signed. Before June there were 38 pieces — all signed retroactively with documented fabrication dates. The private key lives on a YubiKey 5C; the public key lives at /verify.html; the certificates at /data/proofs/; the public mosaic on the Twin Wall.">

Cadena de procedencia en /marca/." data-en="If you want to see the same idea applied to a brand instead of an object, read The Provenance Chain on /marca/.">

YubiKey es una marca de Yubico AB. Open-Meteo es un servicio gratuito que no requiere API key. Las firmas mostradas en los ejemplos son demostrativas." data-en="Notes: Ed25519 is the scheme described in RFC 8032; YubiKey is a trademark of Yubico AB. Open-Meteo is a free service requiring no API key. Signatures shown in examples are demonstrative.">