TDPortCarrier Vetting
The artifacts

Your account key

The file that signs your vettings. Back it up.

When you create a free account, TDPort generates a signing key in your browser. The key is a file on your machine. It signs your vettings so future verifiers can prove the vetting came from you, not from someone impersonating you.

This page explains what the key is, what to do with it, and what happens when things go wrong.

What the key actually is

Technically, an Ed25519 keypair. Practically, two things bundled together:

  • A private key — a short binary file that lives on your machine. It can sign records. It cannot be reconstructed from anything else.
  • A public key — the other half, which the proof chain publishes alongside your account name. Anyone can use the public key to verify a signature, but no one can use it to make a signature.

A useful analogy: the private key is your hand-stamped notary seal. The public key is the published sample of the seal that lets a third party confirm a stamp is real.

Why you hold it, not us

The whole legal point of the sealed cert is that you signed the vetting — not TDPort. If TDPort held your key, every cert you signed would carry the implicit claim that TDPort was a co-signer of your vetting decision. We are not, and we don't want to be. Montgomery puts the duty of ordinary care on the broker or shipper who selected the carrier. The cert reflects that.

So the key is yours. It is generated in your browser, stored in your browser's secure local storage, and never transmitted to TDPort's servers. We can't sign on your behalf. We can't unmask you. We can't recover the key if you lose it.

What you need to do with it

One thing: back it up.

When you create an account, the page offers you a backup file download. Save it somewhere you would save other important documents — a password manager's secure note, an encrypted USB drive, a cloud drive you trust. The file is small.

If you don't back it up and your browser's storage gets wiped (reinstall, lost laptop, cleared site data), you lose the ability to sign new vettings under your existing account. Old certs you already issued still verify — they carry their own proof — but new vettings would have to be signed under a new account with a new key.

This is the same model crypto wallets use, except the stakes are lower: losing the key doesn't lose money, just signing identity.

What you can sign under your key

Anything you do on tdport.io that produces a sealed record:

  • Carrier vettings on the workbench.
  • Documents you attach to a vetting through the workspace panel (a COI, a pickup checklist, a signed broker-carrier agreement).

Each sealed item carries your signature. Each cert carries the verify URL that lets a third party check the signature.

What happens when something goes wrong

You lose the key file but still have access to your account. Your existing certs are unaffected. You'll be able to verify them and view them in your vault. You can't sign new records until you restore the file or generate a new key. Generating a new key gives you a new producer identity on the chain; your old records stay tied to your old identity.

Your laptop dies and you didn't back up. Same as above. Old certs unaffected; new records require a new key.

You think someone copied your key file. The key file alone is enough to sign vettings under your name. There's no PIN, no second factor on the key itself. Treat the key file the way you'd treat a signed blank check. If you suspect compromise, generate a new account key, and assume any new vettings under the old key weren't yours.

You forgot which account you used. Sign in via the same Google account you used to create it. Your accounts and records are tied to that login. The signing key is separate from the login — the login gets you back to the workbench, but the key file is what actually signs.

What the key is not

  • It is not a password. There is nothing to remember and nothing to type. The file is the credential.
  • It is not your identity. Your name and account exist independently on the proof chain. The key proves a vetting came from your account; it doesn't constitute your account.
  • It is not blockchain wallet money. There is nothing of monetary value attached. Losing it means losing the ability to sign new records under your identity. Nothing else.