Lethe Delete · live challenge

One of these deletion certificates is real. Two are rigged.

Below are three signed “deletion certificates” and one public key. One is genuine; one was edited after signing; one was minted with a different key. Verify them yourselfpip install lethe-delete, no database, no account — and prove which is which. The point isn’t to trust us. It’s that you don’t have to.

The artifacts

cert-1.json cert-2.json cert-3.json pubkey.txt

Pinned operator public key (an unpinned check only proves self-consistency, never authenticity):

MPCX5IuKiJ2radV/O3x/LRyk7mTt4wPzLNtOpnQmLU8=

Verify — CLI

# installs the same code that mints the certs
pip install lethe-delete

# fetch the three certs, then check each against the pinned key
for n in 1 2 3; do curl -sO https://lethe-delete.com/demo/cert-$n.json; done
lethe verify cert-1.json --public-key MPCX5IuKiJ2radV/O3x/LRyk7mTt4wPzLNtOpnQmLU8=
lethe verify cert-2.json --public-key MPCX5IuKiJ2radV/O3x/LRyk7mTt4wPzLNtOpnQmLU8=
lethe verify cert-3.json --public-key MPCX5IuKiJ2radV/O3x/LRyk7mTt4wPzLNtOpnQmLU8=

Verify — agent / M2M (with the reason)

import json, urllib.request
from lethe.cert_schema import verify_certificate_json  # pip install "lethe-delete[mcp]"

PUB = "MPCX5IuKiJ2radV/O3x/LRyk7mTt4wPzLNtOpnQmLU8="
for n in (1, 2, 3):
    url = f"https://lethe-delete.com/demo/cert-{n}.json"
    cert = json.load(urllib.request.urlopen(url))
    print(n, verify_certificate_json(cert, trusted_public_key=PUB))

What you should see

Found the real one? Post which cert verified and how you knew — or try to slip a forgery past the pin. Both are the point.