Loading vLEI.wiki
Fetching knowledge base...
Fetching knowledge base...
This comprehensive explanation has been generated from 174 GitHub source documents. All source documents are searchable here.
Last updated: October 7, 2025
This content is meant to be consumed by AI agents via MCP. Click here to get the MCP configuration.
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
A verifier is an entity or agent that cryptographically validates signatures and digests on event messages, and more broadly, determines whether signed statements attributed to an identifier are valid at the time of issuance by applying use-case-specific trust criteria beyond basic cryptographic verification.
A verifier in KERI is any entity or agent that performs cryptographic verification of data received from peers, specifically checking structure, signatures, and dates on event messages. In the KERI suite, a verifier cryptographically verifies signature(s) and digests on an event message. The verifier role is closely related to but distinct from a validator—while both terms are near-synonyms, a verifier focuses specifically on cryptographic verification operations, whereas a validator performs broader evaluation of statements and claims.
Key characteristics:
In KERI, the verifier plays a foundational role in the duplicity detection and trust establishment architecture. Before a verifier can validate a signature, they must first determine which key set was controlling an identifier at the time an event was issued—a process called establishing control authority.
The verification process differs based on identifier type:
For non-transferable identifiers: Control establishment requires only a copy of the inception event, as the controlling key set is fixed and cannot change.
: Verifiers must obtain and verify a complete sequence of , including the inception event and all subsequent , covering the period up to when the statement was issued.
Implementations must follow this sequence:
Verifiers must maintain or access key state information to determine which keys were authoritative when events were signed. This requires:
For ACDC credential verification, implementations should:
Once control authority is established, the verifier cryptographically verifies:
This verification model supports KERI's self-certifying approach where the identifier itself contains the information needed to verify control authority without requiring external registries or certificate authorities.
In the context of ACDC verifiable credentials and the vLEI ecosystem, verifiers validate:
The verifier receives presentations containing proofs of claims and applies both cryptographic verification and policy-based validation to make trust decisions.