Lab/ADVERSARY CONSOLE

Forge a credential. You can’t.

Here is one genuinely valid Agent Trust Credential and a verifier that runs real cryptography in your browser. Tamper a field, mint your own key and re-sign it, paste a forged signature, outlast its lifetime, replay it after revocation. Every attack runs against a real check — Ed25519, a real ML-DSA-65 post-quantum signature, and the issuer-to-key binding OpenA2A actually ships. Nothing is scripted. Open your network tab: nothing leaves this page.

VERIFIER: REJECTED

Your credential was rejected. See exactly which check caught it on the right.

attacks tried: 0 · forgeries accepted: 0

TAMPER A SIGNED FIELD

Edit what the credential claims. The bytes the signature covers change the instant you do.

RE-SIGN WITH YOUR OWN KEY

Mint a real Ed25519 keypair in your browser and sign the tampered credential with it. The math will be perfect. Watch what the verifier does anyway.

FORGE THE SIGNATURE DIRECTLY

Paste any Ed25519 signature hex you like in place of the real one.

OUTLAST OR REPLAY IT

The bytes the verifier checks: canonical(core)
{"agentDid":"did:opena2a:agent:acme-corp/billing-agent","agentId":"aim_7f3a9c2e","atxVersion":"1.0","capabilities":["db:read","api:call"],"contentHash":"sha256:abc123","expiresAt":"2026-05-26T00:00:00Z","issuedAt":"2026-05-19T00:00:00Z","issuerDid":"did:opena2a:authority:opena2a.org","publisher":"acme-corp","scanSummary":{"criticalFindings":0,"hma":"passed","oasbLevel":"L2"},"trustLevel":3,"trustScore":0.87,"version":"2.1.4"}
Credential (signed by: the authority)
atxVersion: "1.0"
agentId: "aim_7f3a9c2e"
agentDid: "did:opena2a:agent:acme-corp/billing-agent"
publisher: "acme-corp"
version: "2.1.4"
contentHash: "sha256:abc123"
capabilities: ["db:read","api:call"]
scanSummary: {"hma":"passed","criticalFindings":0,"oasbLevel":"L2"}
trustScore: 0.87
trustLevel: 3
issuedAt: "2026-05-19T00:00:00Z"
expiresAt: "2026-05-26T00:00:00Z"
issuerDid: "did:opena2a:authority:opena2a.org"
Verifier (runs in your browser · no network)


What is real here

The Ed25519 and ML-DSA-65 (FIPS 204) signatures are verified for real in your browser via @noble/curves and @noble/post-quantum — tamper any signed field and both fail. When you “re-sign with your own key”, a real Ed25519 keypair is generated in your tab and signs for real; the secret never leaves it, and the authority’s secret keys are never present at all. The verifier accepts the credential only when it is the authority’s genuine, unmodified one. Revocation is a locally cached list plus a short lifetime, not a live lookup — the same model production uses.
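The check order described above, as an added example for Node.js that is not OpenA2A's code and covers only the Ed25519 leg (no ML-DSA-65). The authority key is a constructed stand-in, and the key registry, the revocation set keyed by agentId and the result strings are assumptions.

```javascript
// Added example, not OpenA2A's code. The key registry, revocation set (keyed by
// agentId) and result strings are assumptions; the authority key is a constructed stand-in.
const nodeCrypto = require("node:crypto");

// Sorted-key JSON with no whitespace: reproduces the canonical(core) string on the page.
function canonical(v) {
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  if (v !== null && typeof v === "object") {
    const keys = Object.keys(v).sort();
    return "{" + keys.map((k) => JSON.stringify(k) + ":" + canonical(v[k])).join(",") + "}";
  }
  return JSON.stringify(v);
}

// The credential fields as the page lists them (display order, not canonical order).
const core = {
  atxVersion: "1.0", agentId: "aim_7f3a9c2e",
  agentDid: "did:opena2a:agent:acme-corp/billing-agent",
  publisher: "acme-corp", version: "2.1.4", contentHash: "sha256:abc123",
  capabilities: ["db:read", "api:call"],
  scanSummary: { hma: "passed", criticalFindings: 0, oasbLevel: "L2" },
  trustScore: 0.87, trustLevel: 3,
  issuedAt: "2026-05-19T00:00:00Z", expiresAt: "2026-05-26T00:00:00Z",
  issuerDid: "did:opena2a:authority:opena2a.org",
};

const authority = nodeCrypto.generateKeyPairSync("ed25519");
// Issuer-to-key binding: the verifier pins which public key may speak for each issuer DID.
const trustedKeys = new Map([[core.issuerDid, authority.publicKey]]);

const sign = (c, privateKey) =>
  nodeCrypto.sign(null, Buffer.from(canonical(c)), privateKey).toString("hex");

function verify(cred, { now, revoked }) {
  const key = trustedKeys.get(cred.core.issuerDid); // never a key carried by the credential
  if (!key) return "unknown-issuer";
  const sig = Buffer.from(cred.signature, "hex");
  const msg = Buffer.from(canonical(cred.core));
  if (sig.length !== 64 || !nodeCrypto.verify(null, msg, key, sig)) return "bad-signature";
  if (now < Date.parse(cred.core.issuedAt) || now >= Date.parse(cred.core.expiresAt)) return "expired";
  if (revoked.has(cred.core.agentId)) return "revoked"; // local cached list, no network lookup
  return "accepted";
}
```

A credential re-signed with a freshly minted key carries a mathematically valid signature, but `verify` only ever checks against the key pinned for `issuerDid`, so it is rejected the same way a tampered field is.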