# sign_core v0.1.0 - Table of Contents

Signer-agnostic PDF (PAdES B-B/B-T) and XML (XAdES B-B/B-T) signing primitives. Wire in your own signature source (PKCS#11 hardware via `pkcs11ex`, PKCS#12 / PKCS#8 software keys via `soft_signer`, cloud KMS, etc.) by implementing the `SignCore.Signer` protocol.

## Pages

- [sign_core](readme.md)
- [sign_core changelog](changelog.md)

## Modules

- [SignCore](SignCore.md): Signer-agnostic primitives for PDF (PAdES B-B / B-T) and XML
(XAdES B-B / B-T) signing on top of CMS / XML-DSig.
- [SignCore.Algorithm](SignCore.Algorithm.md): Behaviour for algorithm adapters.
- [SignCore.Algorithm.PS256](SignCore.Algorithm.PS256.md): PS256 algorithm adapter — RSASSA-PSS with SHA-256, MGF1-SHA-256, and a 32-byte salt.
- [SignCore.CMS](SignCore.CMS.md): Cryptographic Message Syntax (RFC 5652) primitives for `pkcs11ex`.
- [SignCore.CMS.Codec](SignCore.CMS.Codec.md): Thin wrapper around OTP's `:CryptographicMessageSyntax-2009` ASN.1
codec for CMS structures.
- [SignCore.CMS.OIDs](SignCore.CMS.OIDs.md): Well-known ASN.1 object identifiers used by CMS / PKCS#7 / PKCS#9.
- [SignCore.CMS.Parsed](SignCore.CMS.Parsed.md): Output of `SignCore.CMS.SignedData.parse/1` — a struct with the
fields a verify pipeline actually needs, plus the original DER for
audit / re-emission.
- [SignCore.CMS.SignedAttributes](SignCore.CMS.SignedAttributes.md): Build and encode the `signedAttrs` SET-OF Attribute that goes into a
CMS `SignerInfo` (RFC 5652 §5.3) — and produce the to-be-signed bytes
per RFC 5652 §5.4 ("the message digest calculation process").
- [SignCore.CMS.SignedData](SignCore.CMS.SignedData.md): Assemble a CMS `SignedData` `ContentInfo` envelope (RFC 5652 §5).
- [SignCore.CMS.UnsignedAttributes](SignCore.CMS.UnsignedAttributes.md): Builders for CMS `unsignedAttrs` — the optional set on a SignerInfo
that carries data computed *after* signing (signature timestamps,
countersignatures, etc.). The values aren't covered by the
signature math.
- [SignCore.JWS](SignCore.JWS.md): JWS format adapter — detached (RFC 7797) by default, attached
(RFC 7515) opt-in.
- [SignCore.PDF](SignCore.PDF.md): PAdES (PDF Advanced Electronic Signature) format adapter — Phase 4a.
- [SignCore.PDF.Reader](SignCore.PDF.Reader.md): Minimal PDF trailer / xref scanner for the PAdES adapter.
- [SignCore.PDF.Reader.Revision](SignCore.PDF.Reader.Revision.md): Parsed view of one xref + trailer pair (one PDF revision).
- [SignCore.PDF.Writer](SignCore.PDF.Writer.md): Hand-rolled PAdES B-B incremental-update emitter.
- [SignCore.Policy](SignCore.Policy.md): Behaviour for trust policies.
- [SignCore.Policy.Allow](SignCore.Policy.Allow.md): Test-only trust policy that accepts any signer with a parseable cert in the
JWS `x5c` header. **Refuses to start under `Mix.env() == :prod`.**
- [SignCore.Policy.PinnedRegistry](SignCore.Policy.PinnedRegistry.md): Default `SignCore.Policy` implementation: SPKI pinning.
- [SignCore.Signer](SignCore.Signer.md): Pluggable signature-source contract used by `SignCore.PDF.sign/2`,
`SignCore.XML.sign/2`, and `SignCore.JWS.sign/2`.
- [SignCore.X509](SignCore.X509.md): Thin wrapper around an OTP `:public_key`-decoded X.509 certificate.
- [SignCore.XML](SignCore.XML.md): XML-DSig + XAdES B-B format adapter.
- [SignCore.XML.Builder](SignCore.XML.Builder.md): Builds XML-DSig elements for the XAdES B-B sign flow.
- [SignCore.XML.C14n.XmerlC14n](SignCore.XML.C14n.XmerlC14n.md): Vendored copy of `xmerl_c14n` (DoggettCK/xmerl_c14n on Hex, derived
from esaml's Erlang implementation).
- [SignCore.XML.Canonicalizer](SignCore.XML.Canonicalizer.md): Thin wrapper around `SignCore.XML.C14n.XmerlC14n` — our vendored
copy of `xmerl_c14n`.
- [SignCore.XML.XAdES](SignCore.XML.XAdES.md): Builds the XAdES B-B `<xades:QualifyingProperties>` block.

