{
  "keys": [
    {
      "kty": "EC",
      "crv": "P-256",
      "x": "Kz4rMf7KijSNaEGamSr5-lXStkDWWoceH_hUCpLXDlM",
      "y": "W7RxsJVCA-5Tsu5RvzFpubeOogXjNUDXj-cGjPVYT-M",
      "use": "sig",
      "alg": "ES256",
      "kid": "flowdesk-receipts-2026"
    },
    {
      "kty": "EC",
      "crv": "P-256",
      "x": "9CnBDZBC3rTfcSnaYKuNbO49P-z7JIorddTZE6vVRS8",
      "y": "sia2WIyBK9-nP5Mv2_UwK33stUULkJmtkoUsF0KyZ_A",
      "use": "sig",
      "alg": "ES256",
      "kid": "flowdesk-envelopes-2026"
    }
  ],
  "purpose": "Public keys for verifying FlowDesk signatures. 'flowdesk-receipts-2026' verifies audit receipts. 'flowdesk-envelopes-2026' verifies signed MCP response envelopes — every tool result the MCP server returns is signed live with the private half (held only as a server secret), so any client that obtained this key set from a source it trusts to be FlowDesk can confirm the response genuinely came from FlowDesk and was not altered in transit. A successful verification covers only the signed content described under 'signature_format'.",
  "algorithm": "ECDSA, curve P-256, SHA-256",
  "signature_format": "detached IEEE P1363 (raw r||s, 64 bytes; not ASN.1 DER, so a verifier that expects DER must convert the signature first), base64url, over the UTF-8 bytes of the signed content (the MCP tool-result text for envelopes; the canonical JSON receipt bytes for receipts)",
  "verify_example": "k = await crypto.subtle.importKey('jwk', jwkByKid, {name:'ECDSA',namedCurve:'P-256'}, false, ['verify']); ok = await crypto.subtle.verify({name:'ECDSA',hash:'SHA-256'}, k, b64urlToBytes(sig), new TextEncoder().encode(contentText))"
}
