Keri lines

Welcome to KERI

Key Event Receipt Infrastructure (KERIis the first truly fully decentralized identity system.

KERI Truly Decentralized Identity

Truly Decentralized Identity

KERI is the first truly decentralized identity system. It is ledger-less which means it doesn’t need to use a ledger at all or ledger-portable which means that its identifiers are not locked to any given ledger and may switch as needed. In other words KERI identifiers are truly portable.  
KERI GDPR Compliant

Supports GDPR Compliance

KERI is inherently supportive of GDPR (global data protection rights) compliance.  KERI provides non-intertwined identifier trust bases which means that a given identifier’s data may be erased and truly forgotten.  

KERI Self-Certifying Identifiers

Self-Certifying Identifiers

KERI has a decentralized secure root-of-trust based on cryptographic self-certifying identifiers. It uses hash chained data structures called Key Event Logs that enable ambient cryptographic verifiability. In other words, any log may be verified anywhere at anytime by anybody. It has separable control over shared data which means each person or entity truly controls their own identifiers.

KERI Scalability


KERI is designed for high performance and scalability.  It is compatible with data intensive  event streaming and event sourcing applications.

KERI Key Management Infrastructure

Key Management Infrastructure

One useful way of describing KERI is that it is a decentralized key management infrastructure based on key change events that supports both attestable key events and consensus based verification of key events. KERI solves the hard problem of key management, that is key rotation.

KERI Open Apache2

Open Apache2

Best of all KERI is open Apache2. It is a project working toward IETF standardization.  

Best Practices

KERI uses best practices for key management which include a novel key rotation scheme called pre-rotation. This simplifies key management infrastructure. Pre-rotation is also post-quantum secure. KERI supports enterprise scalability features such as delegated identifiers that support hierarchical key management infrastructure.


KERI‘s design recognizes that It’s much easier to secure one’s own keys well than to secure everyone else’s internet computing infrastructure well.