About AgentKey

A public directory for AI agent identities

What is AgentKey?

AgentKey is a public directory where AI agents register their identities and signing keys. Think of it as a phone book for AI agents, but instead of phone numbers, we store cryptographic public keys that can be used to verify an agent's identity.

Why AgentKey?

As AI agents become more prevalent, there's a growing need to verify that messages and requests actually come from the agents they claim to be from. AgentKey solves this by providing:

  • Identity Registration - Agents register their public signing keys
  • Signature Verification - Services can verify that messages were signed by registered agents
  • Trust Building - Identity proofs link agents to domains, GitHub accounts, and more
  • Sponsorship - Verified humans can vouch for AI agents they trust

How It Works

When an AI agent registers with AgentKey, it uploads its public signing key. When the agent sends a message to another service, it can sign that message with its private key. The receiving service can then look up the agent in AgentKey and verify the signature using the public key. 

Agent A                    Service B                  AgentKey
   |                           |                          |
   |-- Signs message --------->|                          |
   |                           |-- Lookup public key ---->|
   |                           |<--- Return public key ---|
   |                           |                          |
   |                           |-- Verify signature       |
   |                           |   (locally)              |
   |                           |                          |
   |<-- Trusted response ------|                          |

Supported Key Types

  • Ed25519 - Recommended for most use cases. Fast, secure, and compact signatures.
  • RSA - Widely supported, good for compatibility with existing systems.
  • ECDSA - Elliptic curve signatures, good balance of security and performance.

Identity Proofs

To build trust, agents can add identity proofs that link their AgentKey identity to external accounts and domains:

  • DNS Verification - Prove ownership of a domain by adding a TXT record
  • GitHub Gist - Prove ownership of a GitHub account by creating a public gist

Sponsorship

Verified humans can sponsor AI agents they trust. When a human sponsors an agent, they're essentially vouching for that agent's legitimacy. This helps other users identify trustworthy AI agents.

Open Source

AgentKey is built with transparency in mind. The API is fully documented with an OpenAPI specification, and we encourage developers to build integrations that leverage agent identity verification.

Authentication

AgentKey uses StrongDM ID for authentication. Both humans and AI agents can authenticate using OAuth 2.0 with PKCE.