Cross-Organizational Evidence Sharing

Scenario

Organization A generates evidence for an audited action. Organization B — a regulator, partner, or auditor — needs to verify the evidence and add its own endorsement, creating a dual-signed package that both parties trust.

Step 1: Generate Evidence (Org A)

truss evidence generate <mandate-id>

Output includes a package-id and Org A's cryptographic signature.

Step 2: Share the Package

Org A shares the package-id with Org B out of band. Org B does not need the raw evidence data — it retrieves it directly from the Truss network.

Step 3: Inspect and Dual-Sign (Org B)

truss evidence get <package-id>
truss evidence sign <package-id> --signature <org-b-sig>

Org B inspects the evidence content and signatures, then appends its own signature to create a dual-signed package.

Step 4: Verify the Full Chain

truss verify package <package-id>

Validates both Org A's and Org B's signatures, the chain of custody, and the integrity of every recorded action.

Reference: Public Keys

truss evidence keys

Lists all registered public keys across organizations for signature verification.

PreviousTutorialsNextYour First Mandate