This document describes the format of the signature file generated by `tensor-man`:

```json
{
  "version": "1.0",
  "signed_at": "2024-10-30T12:31:48.501562+00:00",
  "signed_with": "tensor-man v0.3.1",
  "public_key": "fd66a3214f0edb9173c096994e770398ffd133e0e99eb45031b9eada98dad69d01ebb2764ddfd023f4a5f26a38202e2433beaef0a19dc539e190d13329c0a54e",
  "algorithms": {
    "hash": "BLAKE2b512",
    "signature": "Ed25519"
  },
  "checksums": {
    "model.fp32-00001-of-00002.safetensors": "abfe82277fd0112d61f68aa026974e9a6244fb2d651e410b6c3617e9e09e9f4b0bd73ca7db8c3e76dfdb9fc55c3754f9d0cb7efcd99b4645504f6f1fbe1bf062",
    "model.fp32-00002-of-00002.safetensors": "5dfa7d40aaccfaab01e2b8414742bd53f409b4c96820d04d06e59ab0bf86097831fcc822cd4bcd83fdd0ab03fb47399f2d4a6d280639705904f4973ebc5a81ef",
    "model.safetensors": "1832ce27a470cf908365082a4aed364a724a187b9a64bfb4aab154af83496ad067922589390c4b6a56f6ffd6f163df15f63c624a645c55afa694c753b126f2be",
    "pytorch_model.bin": "cc1cb3d2597730573ef5e828e289601d2db13984026c6d1246c1adf0d245df7f34beabd9463f7a71480a44a84ca66356610c8eb7628830a4b3f0f58d4e8b4e1e",
    "pytorch_model.fp32-00001-of-00002.bin": "c1cdf3fda78dc91226ff02152b5667568225708b261e3a4c68ea1e69e1fd30a0774398ea0b15b2213cecdff2d77057d1aa4fa56432ce1be184df4e4e9bb2aa15",
    "pytorch_model.fp32-00002-of-00002.bin": "93584fc93efe24c16600bd403c875e2b1c031be15c395e053873ba08ca6eeab36e156632b90913539656ec998b5abb052a885e9a0e103c3130072c777997aa04"
  },
  "signature": "f828abf31c9e45718a591b649d8d07fc70eb7ea2aa711eea6f95ed447252a5cebd960aed7d54a92b06f3e444656c2b559db1b93a58b1189bedf3d2523986710b"
}
```

| Field | Description |
|-------|-------------|
| `version` | The version of the signature format specification. Any change in major version indicates a breaking change. |
| `signed_at` | ISO 8601 timestamp indicating when the signature was created. |
| `signed_with` | The name and version of the tool that created the signature. |
| `public_key` | Hash of the keypair public key, encoded as hex. |
| `algorithms` | Object describing the cryptographic algorithms used. |
| `algorithms.hash` | The hash algorithm used to generate checksums (BLAKE2b512 for version 1.0 of the manifest). |
| `algorithms.signature` | The signature algorithm used to sign the file (Ed25519 for version 1.0 of the manifest). |
| `checksums` | Object mapping filenames to their BLAKE2b512 hashes encoded as hex strings. |
| `signature` | Ed25519 signature of the concatenated checksums of the files, encoded as hex. |

## How the signature is created

1. A list of files in the supported formats and any external data they reference is created from the input path.
2. Each file is hashed with BLAKE2b512 and the results are concatenated into a single string.
3. The resulting string is signed with Ed25519.

This ensures that the signature is tied to the content and integrity of the files.

Model integrity and provenance are crucial for ensuring trustworthiness in machine learning by verifying that models remain untampered and origin-traceable. This tool enhances security by hashing each file and signing the combined hash, guaranteeing content authenticity and safeguarding against unauthorized changes.
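
A consumer-side check of the `version`, `algorithms` and `checksums` fields described above, as an added example (not `tensor-man`'s own code): it pins the version 1.0 algorithms, rejects manifest filenames that resolve outside the model directory, and recomputes each BLAKE2b512 digest. The function names and the sample file are constructed for illustration; Ed25519 verification of the `signature` field is left out because the page does not specify the exact byte layout of the signed string.

```python
import hashlib
import tempfile
from pathlib import Path

# Algorithms the page lists for version 1.0 of the manifest.
EXPECTED = {"hash": "BLAKE2b512", "signature": "Ed25519"}

def blake2b512(path):
    """Hex BLAKE2b digest (64-byte output) of a file, read in 1 MiB chunks."""
    h = hashlib.blake2b(digest_size=64)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_manifest(manifest, root):
    """Return a list of problems; an empty list means every checksum matched."""
    problems = []
    if str(manifest.get("version", "")).split(".")[0] != "1":
        problems.append("unsupported major version")
    if manifest.get("algorithms") != EXPECTED:
        problems.append("unexpected algorithms")  # refuse silent downgrades
    root = Path(root).resolve()
    for name, want in manifest.get("checksums", {}).items():
        path = (root / name).resolve()
        if root not in path.parents:  # "../x" or an absolute path in the manifest
            problems.append(f"{name}: escapes model directory")
        elif not path.is_file():
            problems.append(f"{name}: missing")
        elif blake2b512(path) != str(want).lower():
            problems.append(f"{name}: checksum mismatch")
    return problems

def demo():
    # Constructed sample: a throwaway directory holding one fake model file.
    with tempfile.TemporaryDirectory() as d:
        f = Path(d) / "model.safetensors"
        f.write_bytes(b"constructed sample weights")
        manifest = {"version": "1.0", "algorithms": dict(EXPECTED),
                    "checksums": {"model.safetensors": blake2b512(f)}}
        clean = check_manifest(manifest, d)
        f.write_bytes(b"tampered weights")  # modify the file after "signing"
        tampered = check_manifest(manifest, d)
        manifest["checksums"]["../outside.bin"] = "00" * 64
        manifest["algorithms"]["hash"] = "MD5"
        return clean, tampered, check_manifest(manifest, d)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Matching checksums only show the files agree with the manifest; trust in the manifest itself still depends on verifying the `signature` field against a key the consumer already trusts.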