Generate a P-256 keypair inside this browser's WebCrypto stack. The private key is stored non-extractably in IndexedDB (never leaves this device). The public key is sent to the server and written to device_keys, and the returned key_id is used as envelope.device when signing subsequent handshakes.
/chain/v1/h* can only be produced by whoever holds this browser's IndexedDB.
Source: IndexedDB · DB=flip360-chain-signer · store=keys. Read-only view — never leaves the browser.
/sign/referrer/h1 → sign a real H1 with the enrolled key.src/chain/verify.ts against the stored SPKI PEM./chain/v1/h1 returns ok:true. Chain accepted. EA Rule 1 discharged.