VeritaCast
Broadcast authenticity · Verita family

DKIM for podcasts
and press releases.

Per-item cryptographic signatures for podcasts, RSS feeds, press releases, and newsletters. Subscribers' clients verify that every episode was actually published by the claimed author — defeating impersonation, silent edits, and platform-level spoofing.

How it works Use cases
How it works

A signature on every item. A manifest at the feed.

Per-item envelope

Every episode / issue / press release is wrapped in a signed envelope: content hash, title, publish timestamp, publisher pubkey, signature. The signature is what verifies.

Feed manifest

Each feed publishes a manifest at a well-known URL listing the publisher's current public key (plus a signed transition log of previous keys, so rotation doesn't break old items).

Chained history

Every item commits to the hash of the previous item. Silent deletions or reorderings are visible to any subscriber who's been listening for a while.

<!-- podcast RSS, with VeritaCast signature as an extension element -->
<item>
  <title>Episode 42: On podcast feed integrity</title>
  <enclosure url="https://cdn.example/ep42.mp3" type="audio/mpeg"/>
  <pubDate>Mon, 20 Apr 2026 12:00:00 GMT</pubDate>

  <!-- VeritaCast extension -->
  <vcast:envelope
    content-hash="sha256:3f2a…"
    prev-item="sha256:9b14…"
    publisher="ed25519:acme-podcast-2026"
    signature="xyZ1…" />
</item>

A naive RSS reader ignores the extension and plays the episode normally. A VeritaCast-aware reader verifies the signature before playback and surfaces the result. Zero-downside drop-in.

Where it fits

Where "did they actually publish this?" is a real question.

Podcasts in the AI-voice era

When cloning a host's voice takes minutes, listeners need a way to tell genuine episodes from fakes. Signatures give them one without requiring platform cooperation.

Press releases & corporate comms

Official statements from a company or government body. Today "the press release from their newsroom" is trusted because of the domain; signatures make it trusted because of the key.

Newsletter authenticity

Substack-style author voices where impersonation attacks are rising. Every issue's signature chains to the previous, so silent edits are visible.

Security advisories

CVE feeds, vendor advisories, security teams. Today these rely on transport-level trust (HTTPS to the right domain); signatures make the content itself provable.

Analog: DKIM for email, ARC for forwarded email, Sigstore for build artifacts. VeritaCast does the feed-level equivalent for published content.

Family

Part of the Verita- portfolio.

Every sibling shares the same Ed25519 identity, the same log shape, and the same offline verifier. A VeritaCast feed manifest is a VeritaBase identity declaration; the per-episode signatures use the family's receipt-bundle format.