🔑 ZCerts: Verified Privacy for Apps

Zor introduces ZCerts, a new class of cryptographic certificates that prove authenticity through hardware attestation instead of centralized certificate authorities.


🔐 What is a ZCert?

A ZCert is a public key together with an attestation proof, generated inside a Trusted Execution Environment (TEE). It guarantees two things:

  1. The key belongs to a verified enclave.

  2. The enclave is running trusted Zor software.

This means users can connect to a .zor service knowing it’s authentic — without trusting an external CA.


⚙️ How It Works

  1. A service generates a ZCert inside its enclave.

  2. The Vault validates the attestation proof and issues a signature.

  3. The ZCert is added to the network’s zcert_root.

  4. Clients verify the ZCert before initiating encrypted sessions.

All communication between ZCerted endpoints is end-to-end encrypted using ECDH/PGP-style handshakes — invisible even to relays and exits.
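
One way a client could run the step 4 check, as an added Go example that is not Zor's code. The page does not define the ZCert format, so the `ZCert` fields, the Ed25519 signatures, the attestation key and the measurement allowlist are all assumptions, and the `zcert_root` lookup of step 3 is left out. It shows why the attestation has to cover a hash of the public key, so that a valid proof cannot be paired with a different key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// ZCert is a hypothetical layout; the page does not define the real format.
type ZCert struct {
	ServiceKey  ed25519.PublicKey // generated inside the enclave
	Measurement [32]byte          // hash of the enclave software
	KeyBinding  [32]byte          // attested report data: SHA-256(ServiceKey)
	Quote       []byte            // attestation signature over quoteBody
	VaultSig    []byte            // Vault signature over vaultBody
}

func quoteBody(c *ZCert) []byte { return append(append([]byte{}, c.Measurement[:]...), c.KeyBinding[:]...) }
func vaultBody(c *ZCert) []byte { return append(append(quoteBody(c), c.Quote...), c.ServiceKey...) }

// Verify is the client-side check of step 4; any failed test rejects the cert.
func Verify(c *ZCert, hw, vault ed25519.PublicKey, trusted map[[32]byte]bool) error {
	switch {
	case !ed25519.Verify(hw, quoteBody(c), c.Quote):
		return fmt.Errorf("quote not signed by the attestation key")
	case !trusted[c.Measurement]:
		return fmt.Errorf("enclave measurement not on the allowlist")
	case sha256.Sum256(c.ServiceKey) != c.KeyBinding:
		return fmt.Errorf("public key is not bound to the attestation")
	case !ed25519.Verify(vault, vaultBody(c), c.VaultSig):
		return fmt.Errorf("signature from the Vault is invalid")
	}
	return nil
}

// Sample models steps 1-2 with throwaway keys and a made-up measurement (constructed data).
func Sample() (*ZCert, ed25519.PublicKey, ed25519.PublicKey, map[[32]byte]bool) {
	hw, hwPriv, _ := ed25519.GenerateKey(nil)
	vault, vaultPriv, _ := ed25519.GenerateKey(nil)
	svc, _, _ := ed25519.GenerateKey(nil)
	c := &ZCert{ServiceKey: svc, Measurement: sha256.Sum256([]byte("constructed build"))}
	c.KeyBinding = sha256.Sum256(svc)
	c.Quote = ed25519.Sign(hwPriv, quoteBody(c))
	c.VaultSig = ed25519.Sign(vaultPriv, vaultBody(c))
	return c, hw, vault, map[[32]byte]bool{c.Measurement: true}
}

func main() { fmt.Println(Verify(Sample())) } // prints <nil> for the valid sample
```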


🌐 Why It Matters

ZCerts replace TLS certificates and domain authorities with something stronger and fairer: cryptographic truth.

  • No single company can revoke access.

  • Every service can prove its integrity.

  • Privacy and authenticity finally coexist.
