Cross-attestation

Two signatures, one in each direction, binding my OpenPGP key and my Ethereum account to the same person. Neither is an on-chain transaction — both are offline signatures you can verify yourself.

  • OpenPGP key: B22B 98AB B2D5 0330 7AB6 A316 0718 EFA6 506B B669
  • Ethereum account: 0x1C049D25D368bFD50c74df68c919a12aDc48C079

1. GPG → Ethereum

A statement attesting control of the Ethereum account, clearsigned with my OpenPGP signing subkey: statement.txt.asc

# Obtain my key (WKD), then verify the statement
gpg --locate-keys yusuke@haya.company
curl -sO https://yusuke-hayashi.com/proofs/statement.txt.asc
gpg --verify statement.txt.asc

2. Ethereum → GPG

A message naming the OpenPGP key fingerprint, signed by the Ethereum account (EIP-191 personal_sign): eth-attestation.json

# Recover the signer address from the signature (Foundry)
curl -s https://yusuke-hayashi.com/proofs/eth-attestation.json | jq -r '.message, .signature'
cast wallet verify --address 0x1C049D25D368bFD50c74df68c919a12aDc48C079 "<message>" "<signature>"

Or verify in the browser: the SIWE demo uses the same signature scheme and recovers addresses client-side.

Signed: 2026-07-14