Security & verification

Aurono Start verifies your license against an Ed25519 public key embedded in the install bundle. This page publishes the fingerprint of that public key so you can confirm the key in your installation matches the one we sign licenses against — no need to trust us, you can verify the chain yourself.

The public key fingerprint

The SHA-256 fingerprint of the Ed25519 public key currently embedded in Aurono Start is:

34b7597692b44894bf539a31b9b596d7ff59520d04989534fe7a372d00b69437

Last verified: 2026-05-23. This page updates with every release that rotates the signing key. Rotation is reserved for suspected compromise and announced in the changelog.

How to verify your local copy

Compute the fingerprint of the embedded key on your own device:

On macOS

shasum -a 256 /opt/aurono/code/aurono/licensing/keys/ed25519_public.pem

On Linux / Raspberry Pi

sha256sum /opt/aurono/code/aurono/licensing/keys/ed25519_public.pem

The output should match the fingerprint published above. If it doesn’t, the embedded key may have been tampered with — stop using the installation and contact security@auronolabs.com immediately.

Why we publish this

Aurono Start runs entirely on your device. No phone-home, no online validation, no time-bomb. Your license is signed once, by an offline Ed25519 key that never enters a webserver. That signing setup protects you against many attack classes — but it only works if you can be sure the verification key in your installation is the one we sign against. Publishing the fingerprint here closes that loop.

Reporting a security issue

If you find a security vulnerability in Aurono Start, this website, or any of our services, please email security@auronolabs.com. We aim to acknowledge within 48 hours and to fix critical issues within 14 days. Coordinated disclosure is appreciated.