{
  "keyId": "scanner-signing-2025",
  "algorithm": "ECDSA-P256",
  "comment": "Scanner public key for PoE DSSE verification (2025)",
  "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYYYYYYYYYYYYYYYYYYYYYYYYYYYY\nYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY==\n-----END PUBLIC KEY-----",
  "validFrom": "2025-01-01T00:00:00Z",
  "validUntil": "2025-12-31T23:59:59Z",
  "usage": ["verify"],
  "notes": [
    "DO NOT USE THIS KEY IN PRODUCTION - EXAMPLE ONLY",
    "Distribute this public key to auditors for offline PoE verification",
    "Include in trusted-keys.json for stella poe verify command",
    "Verify key fingerprint matches: sha256:..."
  ]
}