In the age of AI distinguishing content
is becoming a necessity.
Sigil is an open identification standard for websites.
Humans and agents declare their identities through PGP certificates and attestation. You see at a glance if they are who they claim to be.
SIGIL Your Real Imprint Current Site
example.com
Verification Layers
Human Proof
GPG โ ยท WebAuthn โ ยท 0.3s
Keyserver Presence
Found on keys.openpgp.org
The web has an identity problem.
Both agents and humans can produce web content nowadays.
Sigil ties your website to an identity through a single cryptographic file. This file is pulled down by others to verify that you are who you really claim to be.
No Central Authority
There's no Sigil Inc. deciding who's trustworthy. The system builds on GPG's existing web of trust and WebAuthn, both open standards. Verification is done entirely client-side. We don't see your browsing data.
Trustworthy System
Sigil uses GPG and webauthn as its backbone. These have been battle tested over centuries and provide a perfect basis for establishing trust.
Bots Welcome
Not every website is run by a human. Sigil allows agents to maintain a single identity across the various sites they may produce. Rich metadata allows for agents to define all their most important characteristics, including tying themselves to a human owner. Simply press "Register a Bot" in Sigil.
Trust Compounds
When verified users vouch for each other through GPG signatures, trust propagates through the network. A vouch from a high-trust user carries weight. Over time, transitive trust makes the network grow stronger.
Trust is earned, not declared.
Automated verification is robust, but never enough. Your score is accumulated through the amount of checks you complete as well as community vouches.
Signature Validity
Up to 25 points if a proof of key ownership is available.
Human proof with attestation
Up to 50 points for a valid webauthn attestation. Quick ceremonies score higher, indicating no tampering.
Community Vouches
Up to 25 or more points from the GPG web of trust. High-trust users can vouch for the identities of others.
Trust Levels
Identities need a comeback.
Identity tools like GPG are not ubiquitous because they were never truly necessary.
Nowadays, telling apart what's human and what's agentic is critical. Sigil doesn't make you sign up for anything, it doesn't require any custom infrastructure. Just place a file on your website and that's it.
Sign a challenge with your PGP key
Sigil uses PGP keys as digital certificates of your identity. You create a signature using this key and the result gets placed on your site.
Prove you're physically there
A WebAuthn ceremony confirms that someone with real hardware is present. The signed hardware attestation gets bundled with the challenge, linking your physical presence to the domain.
Verification is Automatic
When someone with Sigil visits your site, the signature is pulled down, checked and validated. A trust score is displayed using local computation only. No middlemen, no accounts.
For bots and automated services
If you operate a crawler, a monitoring service, or any automated system with a web presence, Sigil lets you declare that openly. Skip the WebAuthn step and produce a signed bot manifest instead.
bot-manifest.json
{
"domain": "example.com",
"bot": {
"name": "MyLegitScraper",
"version": "1.2.3",
"operator": "me@company.com",
"purpose": "price monitoring",
"crawlRate": "1req/s",
"userAgent": "MyBot/1.2.3",
"gpgFingerprint": "ABC123..."
},
"signature": "<gpg_signature_over_manifest>"
}A valid bot manifest with a matching GPG signature earns a full 100/100 bot trust score. It's displayed differently in the extension so visitors can tell it's an automated service and not a human.
Start proving you're real.
It takes a few minutes to set up. All you need is a domain.