Quantum-Safe File Attestation: Issue and verify formally verified. Use when an agent needs quantum safe file attestation, sign software releases with formall...
---
name: quantum-safe-file-attestation
description: "Quantum-Safe File Attestation: Issue and verify formally verified. Use when an agent needs quantum safe file attestation, sign software releases with formally verified post quantum cryptography, create proof carrying attestation certificates with lean 4 verified acceptance kernels, verify file integrity with nist standardized ml dsa 65 digital signatures and pqclean runtimes, generate compliance evidence for soc 2 sox hipaa and regulatory audits with cryptographic proof chains, attest."
version: 1.0.0
homepage: https://www.agentpmt.com/marketplace/quantum-safe-file-attestation
compatibility: "Agent instructions for AgentPMT-hosted remote tool calls. Follow this skill body for supported account, wallet, and setup routes. No local command runtime is declared."
metadata: {"author":"agentpmt","openclaw":{"homepage":"https://www.agentpmt.com/marketplace/quantum-safe-file-attestation"}}
---
# Quantum-Safe File Attestation
## Freshness
Last updated: `2026-06-24`.
If the current date is more than 7 days after the last updated date, reinstall this skill from skills.sh or ClawHub before relying on endpoints, schemas, setup steps, or examples.
## What This Tool Does
Issue formally verified, post-quantum cryptographic attestation certificates for any file. Every attestation is backed by a proof-carrying certificate bundle whose acceptance logic is proven correct in Lean 4. Signing uses ML-DSA-65 from the NIST post-quantum standard, executed through PQClean standardized runtimes with the private key secured in a hardware security module. A 4-check verification pipeline confirms signature validity, manifest consistency, artifact integrity, and certificate Merkle-tree integrity — all must pass. Anyone can verify certificates independently using the open-source offline verifier. No trust in our infrastructure required.
## Product Instructions
### Quantum-Safe File Attestation
Create and verify post-quantum cryptographic attestation packages for files using ML-DSA-65 (Dilithium3).
#### Actions
##### `attest_artifact`
Create a cryptographic attestation for a file in storage. The attestation package is saved to file storage.
Required:
- `file_id` (string): file ID of the artifact to attest. Upload the file first using the File Management tool (action `upload_standard`), then pass the returned `file_id` here.
Optional:
- `artifact_name` (string): human-readable name (defaults to stored filename)
- `metadata` (object): freeform key-value pairs to include in the manifest
```json
{"action":"attest_artifact","file_id":"abc-123","artifact_name":"release-v2.1.tar.gz","metadata":{"version":"2.1.0"}}
```
Response:
- `artifact_sha256`: SHA-256 of the attested file
- `package_id`: unique attestation identifier
- `attestation_file_id`: file ID of the saved attestation package (use this for verify_attestation)
- `attestation_signed_url`: download URL for the attestation package JSON
##### `verify_attestation`
Verify a previously issued attestation package against the original artifact. Both must be in file storage. If verifying a package received from someone else, upload it first using the File Management tool.
Required:
- `file_id` (string): file ID of the original artifact
- `attestation_file_id` (string): file ID of the attestation package JSON (from attest_artifact, or uploaded via File Management)
Optional:
- `check_bundle` (boolean, default true): verify CAB certificate bundle integrity
```json
{"action":"verify_attestation","file_id":"abc-123","attestation_file_id":"def-456"}
```
Response:
- `accept`: true if all checks pass
- `failed_checks`: list of check names that failed (empty when accepted)
- `manifest_sha256`: hash of the canonical manifest
- `signer_public_key_hex`: the public key that signed the manifest
##### `get_public_key`
Return the signer's public key and algorithm info for independent verification.
```json
{"action":"get_public_key"}
```
#### Typical Workflow
1. Upload a file using the File Management tool (`upload_standard`) to get a `file_id`
2. Call `attest_artifact` with the `file_id` — save the returned `attestation_file_id`
3. To verify later, call `verify_attestation` with both `file_id` (original artifact) and `attestation_file_id` (the attestation package)
4. Share the attestation package (downloadable via `attestation_signed_url`) with anyone who needs to verify independently
#### Independent Offline Verification
Recipients can verify attestation packages offline without this tool: https://github.com/Abraxas1010/verified-pqc-verifier
#### Security Properties
- **Post-quantum security**: ML-DSA-65 (FIPS 204 / Dilithium3) resistant to quantum attacks
- **Hardware key protection**: signing key never leaves the hardware security module
- **Tamper evidence**: any modification invalidates the signature
- **Self-verification**: every attestation is verified immediately after signing
## When To Use
- Use this skill for `Quantum-Safe File Attestation` on AgentPMT.
- Use it when an agent needs this specific tool's behavior, schema, inputs, outputs, and invocation shape.
- Search and activation keywords: quantum safe file attestation, sign software releases with formally verified post quantum cryptography, create proof carrying attestation certificates with lean 4 verified acceptance kernels, verify file integrity with nist standardized ml dsa 65 digital signatures and pqclean runtimes, generate compliance evidence for soc 2 sox hipaa and regulatory audits with cryptographic proof chains, attest artifact, file id, artifact name.
- Supported action names: `attest_artifact`, `get_public_key`, `verify_attestation`.
## Use Cases
- Sign software releases with formally verified post-quantum cryptography
- Create proof-carrying attestation certificates with Lean 4 verified acceptance kernels
- Verify file integrity with NIST-standardized ML-DSA-65 digital signatures and PQClean runtimes
- Generate compliance evidence for SOC 2 SOX HIPAA and regulatory audits with cryptographic proof chains
- Timestamp and cryptographically attest intellectual property artifacts with tamper-evident CAB bundles
- Verify software supply chain integrity with 4-check verification pipeline
- Issue verifiable certificates for code repositories and release archives backed by formal proofs
- Provide independent verification keys for third-party auditors and partners
- Create provenance records for AI model weights and training data with quantum-safe signatures
- Attest firmware images and embedded software updates with hardware-backed signing
- Notarize documents with post-quantum signatures backed by information-theoretic security foundations
- Sign configuration files and infrastructure-as-code with formally verified cryptographic protocol stack
## Related Product Skills
- File Management: ../file-management (ClawHub: `file-management`, page: https://clawhub.ai/agentpmt/file-management; skills.sh: `npx skills add AgentPMT/agent-skills --skill file-management`)
## Categories And Industries
No categories or industry tags are published for this tool.
## Actions And Schema
Complete generated action schema: `./schema.md`.
Supported action count: `3`.
x402 availability: not enabled for this product.
- `attest_artifact` (action slug: `attest-artifact`): Create a post-quantum cryptographic attestation for a file in storage. Signs with ML-DSA-65 via hardware security module. Saves the attestation package to file storage and returns its file_id. Price: `25` credits. Parameters: `artifact_name`, `file_id`, `metadata`.
- `get_public_key` (action slug: `get-public-key`): Return the signer's public key, algorithm, and fingerprint so independent verifiers can confirm attestation signatures without calling this tool. Price: `5` credits. Parameters: none.
- `verify_attestation` (action slug: `verify-attestation`): Verify a previously issued attestation package against the original artifact. Both the artifact and the attestation package must be in file storage. Checks ML-DSA-65 signature, manifest integrity, artifact SHA-256 match, and CAB bundle. Price: `5` credits. Parameters: `attestation_file_id`, `check_bundle`, `file_id`.
## Live Schema And Examples
Use the compact schema above for ordinary calls. Before a new production integration, or whenever parameters, enum values, nested objects, outputs, or examples are unclear, fetch live details first.
- Exact schema: call `agentpmt-tool-search-and-execution` with `action: "get_schema"`, and `tool_id: "quantum-safe-file-attestation"`.
- Detailed examples: call `agentpmt-tool-search-and-execution` with `action: "get_instructions"` and `tool_id: "quantum-safe-file-attestation"`, or call this product with `action: "get_instructions"` when the product tool is already selected.
- Treat returned live schema and instructions as more specific than this generated summary.
MCP schema lookup through the main AgentPMT MCP server:
```json
{
"method": "tools/call",
"params": {
"name": "AgentPMT-Tool-Search-and-Execution",
"arguments": {
"action": "get_schema",
"tool_id": "quantum-safe-file-attestation"
}
}
}
```
For live examples, keep the same MCP tool and use these arguments:
```json
{
"action": "get_instructions",
"tool_id": "quantum-safe-file-attestation"
}
```
Authenticated AgentPMT REST schema lookup body:
```json
{
"name": "agentpmt-tool-search-and-execution",
"parameters": {
"action": "get_schema",
"tool_id": "quantum-safe-file-attestation"
}
}
```
Authenticated AgentPMT REST live examples body:
```json
{
"name": "agentpmt-tool-search-and-execution",
"parameters": {
"action": "get_instructions",
"tool_id": "quantum-safe-file-attestation"
}
}
```
## Call This Tool
Product slug: `quantum-safe-file-attestation`
Marketplace page: https://www.agentpmt.com/marketplace/quantum-safe-file-attestation
- AgentPMT account route: first use `../agentpmt-account-mcp-rest-api-setup` to connect the main MCP server or REST API for an Agent Group where this tool is enabled.
- x402 route: not enabled for this product.
- AgentPMT overview: use `../what-is-agentpmt` for marketplace, Agent Group, workflow, MCP, REST, and payment concepts.
If those setup skills are not installed beside this product skill, use the downloads below.
Core AgentPMT setup skills:
- What AgentPMT is: ../what-is-agentpmt
- ClawHub page: https://clawhub.ai/agentpmt/what-is-agentpmt
- OpenClaw install: `openclaw skills install what-is-agentpmt`
- skills.sh install: `npx skills add AgentPMT/agent-skills --skill what-is-agentpmt`
- AgentPMT account MCP/REST setup: ../agentpmt-account-mcp-rest-api-setup
- ClawHub page: https://clawhub.ai/agentpmt/agentpmt-account-mcp-rest-api-setup
- OpenClaw install: `openclaw skills install agentpmt-account-mcp-rest-api-setup`
- skills.sh install: `npx skills add AgentPMT/agent-skills --skill agentpmt-account-mcp-rest-api-setup`
skills.sh install script:
```bash
npx skills add AgentPMT/agent-skills --skill what-is-agentpmt
npx skills add AgentPMT/agent-skills --skill agentpmt-account-mcp-rest-api-setup
```
MCP call shape after the main AgentPMT MCP server is connected:
```json
{
"method": "tools/call",
"params": {
"name": "Quantum-Safe-File-Attestation",
"arguments": {
"action": "attest_artifact",
"artifact_name": "example artifact name",
"file_id": "example file id",
"metadata": {}
}
}
}
```
Use the exact tool name returned by `tools/list`; the name above is the expected readable form.
Authenticated AgentPMT REST call body:
```json
{
"name": "quantum-safe-file-attestation",
"parameters": {
"action": "attest_artifact",
"artifact_name": "example artifact name",
"file_id": "example file id",
"metadata": {}
}
}
```
Use the setup skill for the account connection details before making REST calls.
## Response Handling
- Treat the returned JSON as the source of truth for this tool call.
- If the response includes warnings or correction targets, apply them before retrying.
- If the response includes a `passed` or success-style boolean, use it as the workflow gate.
- If validation fails or the response shape is unclear, call `get_schema` or `get_instructions` before retrying.
- If `attest_artifact` fails, preserve the request parameters and retry only after fixing schema, auth, or payment errors.
## Security
- Do not place account secrets, wallet private keys, mnemonics, signatures, or payment headers in prompts or logs.
- Keep tool inputs scoped to the minimum content needed for the task.
- Use the setup skills for credential handling; this product skill only defines product-specific behavior.
## AgentPMT Reference
- What AgentPMT is: ../what-is-agentpmt (ClawHub: `what-is-agentpmt`, page: https://clawhub.ai/agentpmt/what-is-agentpmt; skills.sh: `npx skills add AgentPMT/agent-skills --skill what-is-agentpmt`)
- AgentPMT account MCP/REST setup: ../agentpmt-account-mcp-rest-api-setup (ClawHub: `agentpmt-account-mcp-rest-api-setup`, page: https://clawhub.ai/agentpmt/agentpmt-account-mcp-rest-api-setup; skills.sh: `npx skills add AgentPMT/agent-skills --skill agentpmt-account-mcp-rest-api-setup`)
- Marketplace product: https://www.agentpmt.com/marketplace/quantum-safe-file-attestation
- AgentPMT main MCP server: https://api.agentpmt.com/mcp/
- AgentPMT REST invoke endpoint: https://api.agentpmt.com/products/purchase
don't have the plugin yet? install it then click "run inline in claude" again.