Whisper · Docs
Agriculture

Agriculture

A harvested token and a guessable serial shouldn't be able to reach every machine on the land, and a farmer's data shouldn't leave the farm without a trail.

A farm-data backend authenticates a claim: a bearer token, an API key, a grower login. It never authenticates the machine on the other end. Whisper closes that gap with one primitive: the machine's address is its identity. This page is the agriculture front door to the Whisper docs. The full technical library (DNSSEC, DANE, RDAP, the control-plane API) sits one click down the sidebar, shared verbatim with whisper.online.

The problem: equipment-API abuse, and the data-sovereignty gap behind it

A third party reverse-engineers a farm platform's APIs until it holds the exact calls the official apps and partners make, then authenticates the same ways they do: a phished grower login, a static partner key, or an OAuth bearer token portable to any IP, whose refresh token stays valid for a year. From there it is contract-less, low-and-slow polling, indistinguishable from a real integration because it is the integration's protocol. Rate-limit it and a fresh IP appears; the egress hops across clouds and residential proxies, so all the SOC ever logs is a meaningless last IP. The root cause has a name: OWASP broken authentication / BOLA. The token authenticates a claim, never the machine.

And in agriculture the wound is double. "Farmers own their farm data" is the first principle of every ag-data code of conduct, and today it is a contract clause with no network fact behind it: nobody can prove who touched what. Detection will always be a step behind a credential that is genuinely valid. The strictly-stronger move is to change what the backend trusts.

The cure: the address is the machine

Shipped & live. Deriving a machine or ECU /128 from the hardware key it already holds is in production today. Provision one with the control-plane call below, then verify it from the DNSSEC root with tools already on your machine.

Whisper gives each machine (or each implement ECU) a routable IPv6 /128 out of 2a04:2a01::/32 (announced by AS219419), derived deterministically from the device's public key: its SubjectPublicKeyInfo, from the secure element or TPM in the telematics gateway, with the machine's 17-character equipment PIN (and, optionally, an implement or ECU serial) as the domain separator. The private key never leaves the chip; only its public SPKI is an input. The result is DNSSEC-anchored, DANE-EE 3 1 1 pinned, and RDAP-registered. Anyone with dig can re-derive and verify it.

device public key (SPKI)      ──derive · domain-sep = PIN──▶   /128                   ──DNSSEC + DANE-EE 3 1 1──▶   a name anyone verifies
secure element / TPM in                                       2a04:2a01:1c0::a6f1           RDAP-registered            whisper verify --trustless
the telematics gateway                                        routable, tenant-bound                                   op:'revoke' → owner-thrown, public
(private key stays on-chip)

Because the derivation is tenant-bound, the same key under two different fleets yields two unrelated /128s: an outsider cannot link a machine across fleets. And because the domain separator is the PIN, PIN alone yields nothing. You cannot go PIN → /128 without the key, there is no enumerable directory, and RDAP and reverse-DNS return the registry object, never the machine's whereabouts.

What becomes true the moment a machine holds one:

Additive, never a replacement. Whisper complements the anchors agriculture already ships: the ISOBUS (ISO 11783) NAME and AEF Guideline 040's ISOBUS security principles, the secure element / TPM, and the X.509 mTLS the OEM cloud already runs. It is the publicly verifiable, DNSSEC/DANE-anchored layer on top, anchoring the machine↔cloud boundary. Whisper never reaches into the ISOBUS/J1939 bus itself, tractor-implement (TIM) functional safety, or a drone's Remote-ID broadcast.

Provision a machine identity

Provisioning is one control-plane call over the public API: POST https://graph.whisper.security/api/query with your X-API-Key. Hand it the device's base64 SPKI and the equipment PIN; it returns the deterministic /128 and a WireGuard config for source-bound egress. The PIN travels in the vin argument today: the two identifiers share the same 17-character format, and an equipment-native pin alias is on the roadmap.

CALL whisper.agents({op:'connect', args:{
  tier:'wireguard',
  identity_public_key:'<base64 SPKI of the device key>',
  vin:'1AGCM82633A004352'   // the machine's 17-character PIN rides here today
}}) YIELD op, ok, status, result, error
RETURN op, ok, status, result, error

Send it with your key. The heredoc keeps the single-quoted Cypher literals intact, so this runs as-is:

curl -s https://graph.whisper.security/api/query \
  -H "X-API-Key: whisper_live_xxx" \
  -H 'content-type: application/json' \
  --data @- <<'JSON'
{"query":"CALL whisper.agents({op:'connect', args:{tier:'wireguard', identity_public_key:'<base64 SPKI>', vin:'1AGCM82633A004352'}}) YIELD op, ok, status, result, error RETURN op, ok, status, result, error"}
JSON
# response
{ "op": "connect", "ok": true, "status": "created",
  "result": {
    "address": "2a04:2a01:1c0::a6f1",
    "fqdn":    "pin-1agcm82633a004352.farm.<tenant>.agents.whisper.online",
    "wireguard": { /* peer, keys, allowed-ips */ }
  } }

The call is idempotent and liberal in what it accepts, strict in what it returns: re-running with the same key and PIN returns the same /128; a different PIN for a key already registered on your tenant is a clear 409, not a silent overwrite; a non-string PIN is a 400 that tells you exactly what was wrong, never an opaque 500.

i

A dedicated --pin CLI flag is on the roadmap; today, machine provisioning is the control-plane call above (which is live). The shipped CLI verbs are whisper verify --trustless, whisper create --register, whisper kill --revoke, whisper policy, and whisper logs. See CLI & one-command.

Verify it yourself: no account needed

Every machine identity is checkable with no key and no login, from the internet's own records. That includes the farmer whose machine it is. The whisper CLI does the full walk in one call:

whisper verify --trustless pin-1agcm82633a004352.farm.<tenant>.agents.whisper.online

 DNSSEC chain valid to the IANA root
 DANE-EE (TLSA 3 1 1) leaf matches the identity's key
 RDAP: registered under AS219419 · 2a04:2a01::/32
identity: VERIFIED (our own API was never trusted)

Or reach for the raw records directly: the same answer, from stock tools:

# the public verify endpoint: evidence chain in JSON
curl -s https://whisper.online/verify-identity/2a04:2a01:1c0::a6f1 | jq
{ "is_whisper_agent": true, "dane_ok": true, "jws_ok": true, "evidence": { /* … */ } }

# the address is the machine: forward-confirmed reverse DNS names it
dig -x 2a04:2a01:1c0::a6f1 +short
pin-1agcm82633a004352.farm.<tenant>.agents.whisper.online.

# the registry object: who holds the address, and under which allocation
curl -s https://whisper.online/ip/2a04:2a01:1c0::a6f1 | jq

None of these calls Whisper as an authority: --trustless re-derives the proof against the public DNSSEC root, exactly as any resolver could. See Verify an agent for the full keyless check and DANE & TLSA for the pin, byte for byte.

Revoke, worldwide, owner-thrown

A compromised ECU, a trade-in, an auction sale, a decommission. One call tears down the /128, its PTR, and its DANE pin everywhere at DNS-TTL speed, and the act is publicly checkable: the same dig that proved the identity existed proves it is gone.

CALL whisper.agents({op:'revoke', args:{agent:'2a04:2a01:1c0::a6f1'}})

# after the TTL: dig -x returns nothing, verify returns false
whisper kill --revoke 2a04:2a01:1c0::a6f1

Agriculture already learned that remote disablement works: in 2022, roughly $5M of looted equipment was bricked from afar, and nobody outside the platform could verify who threw the switch. Whisper's revoke is the accountable version: thrown by the registered owner, visible in public DNS, never a covert lockout. Compromise one ECU and you've compromised that ECU, not the fleet.

Attribution: name whoever already scraped you

Identity stops the next forgery; the graph names the operator behind the grants already in your logs. That attribution survives IP rotation because it fingerprints the operator and the tooling, not the ephemeral egress IP. Run it as read-only Cypher over the same public API with your key (there is no CLI subcommand for this; it is the graph API directly):

curl -s https://graph.whisper.security/api/query \
  -H "X-API-Key: whisper_live_xxx" \
  -H 'content-type: application/json' \
  -d '{"query":"CALL whisper.identify(\"34.90.x.x\")"}'
# operator fingerprinted across AWS / GCP / Azure; residential swarm collapsed by JA4

The read-only verbs (identify, origins, walk, variants, history) each return a reproducible, replayable JSON evidence chain your SOC, PSIRT, and a regulator can replay. More in Graph & cognition.

What ships today, and what's on the roadmap

We label these honestly so you can plan against them.

Shipped & liveOn the roadmap
Machine/ECU /128 from the device key + the 17-character PIN: DNSSEC + DANE-EE + RDAP An equipment-native pin argument and --pin CLI flag (the PIN rides in vin today); an ISOBUS-NAME domain separator
Control-plane provision, verify, revoke; the attribution graph over the public API STIX 2.1 over TAXII export
The Splunk, Microsoft Sentinel and OpenCTI connectors (signed, replayable JSON → CEF / ECS fields) Sector-ISAC-ready sharing formats for food & agriculture

The integration guides below describe proposed integrations at the cloud and IP boundary. They're designed to complement the stack you already run, not endorsed by any vendor, and they never name a specific OEM or platform as a breach victim.

The five Agriculture guides

The agriculture story, in depth: each page is self-contained and copy-paste runnable.

The full technical library

Agriculture rides on the same address-is-identity platform as every other agent on the network, so the whole shared library applies here unchanged, and every page has a clean Markdown twin at the same path + .md. Start with these; the rest is in the sidebar.