AI Learning Institute

Public Key Registry

Cryptographic trust anchors for certificate verification
👑
Custodian Root Key (RSA-4096)

This is the root trust anchor for the AI Learning Institute certificate chain. Every certifier authorization certificate is signed by the Custodian private key, and every student certificate embeds this public key for offline verification. The Custodian private key is held offline and never touches a network.

Public Key — SPKI / PEM
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxLFn2MNDkISsx2I3pSOA
XqWEm7tHfnpBE7HDKkKjckyKKWc8C//PjZJiAsekI6hIF02xkWglHKLMxh/avHTJ
E6i6RSBOKAvCVBmemde5Yn8YS5n4CVX/3wzNTnA4UkY4Bh1T/4KCTFNvzf4jjXM1
7D8i7xvSLWIQAYBdgkFnJQD0z6H389kLaCp9m58KepV/seSFmZPWaLJz3JdQrlvZ
iHqXDFsreVmWcemXPszk/8WCxCa0Z7tmbbKbn/Q2yhXrWCg2IdRW9tQiqvMIIEau
7vqK05eCPsKdGCIO4+Zr2pxBVbvuF60G2k6Qgux6U69MZG6gm20Bj8bD02RcJp+V
W4DPA6xCv/Qn3FRfj+WBYXZ7oMepzafZFfercv1HxlWjThWMM7shQAzzqfsUDMrM
mjiFQtufcOmrQoNp5/VlTThhWJDoethyw4B03y0HS4wTTahu8iLcGQNXJydTFy+A
xg0NzLliD2JlveB7uGHvmuyJLjlObx+BBJhPHWoi3+6UxdbFVUg11VfvI0Dvu5fc
yTP2z0dyqR9YVs818EytSFHXAO0V/zgBu3oPe1TfsawVTswNpG5IHyL9mBjncHCX
iLaVVFHMOqIf1Kcg81FhGkUHfsrIgMGXS83HB0ObeVH/rrHRyu9uVt7v0uLaWvB4
rDDv1Z69hu5YiDYaADTlQ68CAwEAAQ==
-----END PUBLIC KEY-----
Algorithm: RSASSA-PKCS1-v1_5 / SHA-256  ·  Key size: RSA-4096  ·  Usage: Verify certifier authorization certificates
This key is also embedded verbatim in every student certificate issued by this institution, so verification works offline without consulting this page. If you are verifying a certificate, the key embedded in the certificate file should match exactly what appears here.
👤
Certifier Keys

Each Certifier holds a long-lived RSA-2048 identity key pair. The certifier's public key fingerprint (SHA-256 of the public key PEM) is embedded in every student certificate they issue, along with the certifier's full Certifier Identity Certificate (which is signed by the Custodian root key above).

Certifier public key fingerprints are visible in each certificate's verification data block. The certifier's full public key is available upon request — contact ailearninginstitute.ca with the fingerprint from the certificate and the certifier's name.

Note for verifiers: When you click "Verify Authenticity" on a student certificate, the certificate itself performs the full verification: it checks the student certificate signature against the certifier's embedded public key, and checks the Certifier Identity Certificate against the Custodian root key above. No external lookup is required.
Verification Instructions

Standard verification (in-browser)

Every AI Learning Institute certificate is a standalone HTML file. To verify:

  1. Open the certificate HTML file in any modern browser (Chrome, Firefox, Safari, Edge).
  2. Click the "Verify Authenticity" button on the certificate page.
  3. The browser runs two verification steps entirely locally using the Web Cryptography API:
    • Step 1: Verifies the student certificate signature against the certifier's public key.
    • Step 2: Verifies the Certifier Identity Certificate against the Custodian root key (this page).
  4. Both steps must show a green checkmark for the certificate to be considered valid. A warning that the certifier authorization certificate is not embedded means the certificate predates the chain-of-trust system and should be verified with the institution directly.

Manual / advanced verification

Every certificate embeds its signed data and signature in the page's script block, visible by viewing the page source. The verification algorithm is:

  1. Extract SIGNED_DATA (the canonical JSON string) and SIGNATURE_B64U (the base64url-encoded RSASSA-PKCS1-v1_5/SHA-256 signature) from the certificate source.
  2. Import the certifier's public key (SPKI/PEM, embedded in the certificate source as TRAINER_PUBLIC_KEY_PEM) using any standard cryptographic library.
  3. Verify SIGNATURE_B64U over UTF-8(SIGNED_DATA) with RSASSA-PKCS1-v1_5/SHA-256.
  4. Parse SIGNED_DATA as JSON. If trainerCert is present, extract trainerCert.data and trainerCert.signature. Verify the trainer cert signature over UTF-8(JSON.stringify(trainerCert.data)) using the Custodian RSA-4096 public key published on this page.

No network requests, no database, no central authority. Pure public-key cryptography. A certificate issued today remains verifiable in 10 years using only the certificate file and the Custodian public key published here.

Revocation: Offline verification cannot check revocation status. For high-stakes verification, also query ailearninginstitute.ca/verify/[cert-id] to confirm the certificate has not been revoked.