Signer-agnostic primitives for PDF (PAdES B-B / B-T) and XML (XAdES B-B / B-T) signing on top of CMS / XML-DSig.
Apps wire in their own signature source by implementing the
SignCore.Signer protocol on a struct of their choosing:

- pkcs11ex — PKCS#11 hardware tokens / cloud HSMs. %Pkcs11ex.Signer{slot_ref: ..., key_ref: ...}
- soft_signer — software keys from PKCS#12 / PKCS#8 PEM. %SoftSigner.PKCS12{...}, %SoftSigner.PKCS8{...}

Once a signer is constructed, the format adapters look the same to callers regardless of where the bytes get signed:

    {:ok, signed_pdf} =
      SignCore.PDF.sign(pdf,
        signer: signer,
        alg: :PS256,
        x5c: leaf_der
      )

    {:ok, _subject_id} =
      SignCore.PDF.verify(signed_pdf)

Verification is signer-independent — SignCore.PDF.verify/2 and
SignCore.XML.verify/2 only need the leaf cert's SPKI from the
embedded chain, plus a SignCore.Policy decision on whether to
trust it. Verify-only deployments can depend on :sign_core alone
and ship no signer implementation at all.
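
To make the "leaf SPKI plus a trust decision" split concrete, here is an added example that is not SignCore code and does not show how SignCore.Policy is implemented. The `PinPolicy` module and its functions are hypothetical; it uses only OTP's `:public_key` and `:crypto`, and treats a leaf as trusted when the SHA-256 of its DER-encoded SubjectPublicKeyInfo is in a pin set, whatever kind of signer produced the signature.

```elixir
# Added illustration; PinPolicy is a hypothetical module, not part of SignCore.
defmodule PinPolicy do
  @moduledoc "Trust decision keyed on the SHA-256 of a certificate's DER-encoded SPKI."

  # Extract SubjectPublicKeyInfo from a DER certificate and hash its DER form.
  def spki_sha256(cert_der) when is_binary(cert_der) do
    {:Certificate, tbs, _sig_alg, _sig} = :public_key.pkix_decode_cert(cert_der, :plain)
    # TBSCertificate tuple layout: tag, version, serialNumber, signature,
    # issuer, validity, subject, subjectPublicKeyInfo, ...
    spki = elem(tbs, 7)
    :crypto.hash(:sha256, :public_key.der_encode(:SubjectPublicKeyInfo, spki))
  end

  # Fail closed: an unparsable certificate or an unpinned key is never trusted.
  def decide(cert_der, pins) do
    digest = spki_sha256(cert_der)

    if MapSet.member?(pins, digest) do
      {:ok, Base.encode16(digest, case: :lower)}
    else
      {:error, :untrusted_key}
    end
  rescue
    _ -> {:error, :bad_certificate}
  end
end

# Constructed sample input: two throwaway self-signed certificates generated
# with OTP's test helper. Real pins would come from enrolled signer certificates.
opts = [digest: :sha256, key: {:rsa, 2048, 65_537}]
%{cert: pinned} = :public_key.pkix_test_root_cert(~c"pinned signer", opts)
%{cert: other} = :public_key.pkix_test_root_cert(~c"unpinned signer", opts)

pins = MapSet.new([PinPolicy.spki_sha256(pinned)])

{:ok, _spki_hex} = PinPolicy.decide(pinned, pins)
{:error, :untrusted_key} = PinPolicy.decide(other, pins)
{:error, :bad_certificate} = PinPolicy.decide("not DER", pins)
```

Pinning the SPKI rather than the whole certificate keeps the decision stable across certificate renewals that reuse the same key pair, and it forces a rejection when the key itself changes.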