# sign_core v0.1.0 - Table of Contents Signer-agnostic PDF (PAdES B-B/B-T) and XML (XAdES B-B/B-T) signing primitives. Wire in your own signature source (PKCS#11 hardware via `pkcs11ex`, PKCS#12 / PKCS#8 software keys via `soft_signer`, cloud KMS, etc.) by implementing the `SignCore.Signer` protocol. ## Pages - [sign_core](readme.md) - [sign_core changelog](changelog.md) ## Modules - [SignCore](SignCore.md): Signer-agnostic primitives for PDF (PAdES B-B / B-T) and XML (XAdES B-B / B-T) signing on top of CMS / XML-DSig. - [SignCore.Algorithm](SignCore.Algorithm.md): Behaviour for algorithm adapters. - [SignCore.Algorithm.PS256](SignCore.Algorithm.PS256.md): PS256 algorithm adapter — RSASSA-PSS with SHA-256, MGF1-SHA-256, and a 32-byte salt. - [SignCore.CMS](SignCore.CMS.md): Cryptographic Message Syntax (RFC 5652) primitives for `pkcs11ex`. - [SignCore.CMS.Codec](SignCore.CMS.Codec.md): Thin wrapper around OTP's `:CryptographicMessageSyntax-2009` ASN.1 codec for CMS structures. - [SignCore.CMS.OIDs](SignCore.CMS.OIDs.md): Well-known ASN.1 object identifiers used by CMS / PKCS#7 / PKCS#9. - [SignCore.CMS.Parsed](SignCore.CMS.Parsed.md): Output of `SignCore.CMS.SignedData.parse/1` — a struct with the fields a verify pipeline actually needs, plus the original DER for audit / re-emission. - [SignCore.CMS.SignedAttributes](SignCore.CMS.SignedAttributes.md): Build and encode the `signedAttrs` SET-OF Attribute that goes into a CMS `SignerInfo` (RFC 5652 §5.3) — and produce the to-be-signed bytes per RFC 5652 §5.4 ("the message digest calculation process"). - [SignCore.CMS.SignedData](SignCore.CMS.SignedData.md): Assemble a CMS `SignedData` `ContentInfo` envelope (RFC 5652 §5). - [SignCore.CMS.UnsignedAttributes](SignCore.CMS.UnsignedAttributes.md): Builders for CMS `unsignedAttrs` — the optional set on a SignerInfo that carries data computed *after* signing (signature timestamps, countersignatures, etc.). The values aren't covered by the signature math. - [SignCore.JWS](SignCore.JWS.md): JWS format adapter — detached (RFC 7797) by default, attached (RFC 7515) opt-in. - [SignCore.PDF](SignCore.PDF.md): PAdES (PDF Advanced Electronic Signature) format adapter — Phase 4a. - [SignCore.PDF.Reader](SignCore.PDF.Reader.md): Minimal PDF trailer / xref scanner for the PAdES adapter. - [SignCore.PDF.Reader.Revision](SignCore.PDF.Reader.Revision.md): Parsed view of one xref + trailer pair (one PDF revision). - [SignCore.PDF.Writer](SignCore.PDF.Writer.md): Hand-rolled PAdES B-B incremental-update emitter. - [SignCore.Policy](SignCore.Policy.md): Behaviour for trust policies. - [SignCore.Policy.Allow](SignCore.Policy.Allow.md): Test-only trust policy that accepts any signer with a parseable cert in the JWS `x5c` header. **Refuses to start under `Mix.env() == :prod`.** - [SignCore.Policy.PinnedRegistry](SignCore.Policy.PinnedRegistry.md): Default `SignCore.Policy` implementation: SPKI pinning. - [SignCore.Signer](SignCore.Signer.md): Pluggable signature-source contract used by `SignCore.PDF.sign/2`, `SignCore.XML.sign/2`, and `SignCore.JWS.sign/2`. - [SignCore.X509](SignCore.X509.md): Thin wrapper around an OTP `:public_key`-decoded X.509 certificate. - [SignCore.XML](SignCore.XML.md): XML-DSig + XAdES B-B format adapter. - [SignCore.XML.Builder](SignCore.XML.Builder.md): Builds XML-DSig elements for the XAdES B-B sign flow. - [SignCore.XML.C14n.XmerlC14n](SignCore.XML.C14n.XmerlC14n.md): Vendored copy of `xmerl_c14n` (DoggettCK/xmerl_c14n on Hex, derived from esaml's Erlang implementation). - [SignCore.XML.Canonicalizer](SignCore.XML.Canonicalizer.md): Thin wrapper around `SignCore.XML.C14n.XmerlC14n` — our vendored copy of `xmerl_c14n`. - [SignCore.XML.XAdES](SignCore.XML.XAdES.md): Builds the XAdES B-B `` block.