DNS-BASED PKI • STRONG ENCRYPTION

Professional Credentials, Cryptographically Verified

CVerify is a decentralized protocol allowing companies to attest professional work experiences using DNS-verifiable digital signatures.

Verify a Profile Get Started

How It Works

A trustless system where no central authority controls the data. Everything is mathematically verifiable.

1

DNS Key Publication

Publish your 2048-bit RSA public key via DNS TXT records. Zero infrastructure required.

2

Signed Request

User cryptographically signs a validation request with their private key.

3

Cryptographic Attestation

The company signs the work experience with their private key.

4

Public Verification

Anyone can mathematically verify the authenticity of the credentials.

Deployment Options

Get Your CVerify Instance

CVerify requires your own domain to work. Choose how you want to run your instance.

Self-Hosted

Full control on your infrastructure

  • Deploy on your own server (VPS, shared hosting, etc.)
  • Complete data ownership and privacy
  • Open source — customize as you need
  • Requires PHP 8.0+ and domain with DNS access
Free forever
View on GitHub
RECOMMENDED

Managed Hosting

I handle everything for you

  • Hosted on my servers with your domain
  • Zero configuration — ready in 24 hours
  • Automatic updates, backups & SSL certificates
  • Priority support via email & chat
.cv

Special Discount!

Get 20% off if you use a .cv domain

Contact me for pricing
Get in Touch

Let's Talk

Don't have a server? No technical skills? No problem! Contact me to discuss your needs and get a custom quote for managed hosting.

me@calimatteo.it
Usually reply within 24h
No commitment required
Free consultation

Choose Your Role

Three dedicated portals to manage every aspect of the attestation system.

User Dashboard

Manage your digital identity, add work experiences and request validations from companies.

  • Generate RSA keys
  • Request validations
  • Manage CV
Login

Company Portal

Receive validation requests from professionals and sign the attestations.

  • Generate corporate keys
  • Approve/reject requests
  • Configure corporate DNS
Login

Verifier Lens

Verify anyone's professional credentials. No account required.

  • Verify DNS identity
  • Validate signatures
  • No registration
Start Verifying

Security Architecture

A robust, layered security model relying on established cryptographic primitives and the global DNS infrastructure.

DNS Root of Trust

Identity is anchored in the Domain Name System. Public keys are published as TXT records, making the domain owner the only entity capable of signing valid attestations for that organization.

cverify._domainkey.example.com IN TXT "v=CV1; k=rsa; p=MIIBIjANBg..."

Asymmetric Cryptography

We use RSA-2048 key pairs. The private key never leaves your secure environment. It is used solely to generate digital signatures that any third party can verify using the public key fetched from DNS.

Immutable Integrity

Every attestation is hashed using SHA-256. Changing even a single bit of the credential data invalidates the signature immediately, guaranteeing document integrity.

// 1. The document is hashed
$hash = hash('sha256', $json_data);
Output: e3b0c44298fc1c149...
// 2. Hash is signed with Private Key
$signature = rsa_sign($hash, $private_key);
// 3. Anyone verifies with DNS Public Key
$pub_key = dns_get_record('company.com', DNS_TXT);
$valid = rsa_verify($hash, $signature, $pub_key);
VERIFIED_TRUE