# `SoftSigner`
[🔗](https://github.com/utaladriz/pkcs11ex/blob/v0.1.0/lib/soft_signer.ex#L1)

Software-key implementations of the `SignCore.Signer` protocol —
PKCS#12 (.p12 / .pfx) bundles and PKCS#8 PEM private keys.

Used together with `sign_core` to produce PDF / XML / JWS
signatures from filesystem-resident keys, for deployments where
no PKCS#11 hardware is available (or where multiple key sources
coexist with hardware tokens via `pkcs11ex`).

## PKCS#12

    {:ok, signer} = SoftSigner.PKCS12.load("invoice.p12", password: "...")

    {:ok, signed_pdf} =
      SignCore.PDF.sign(pdf,
        signer: signer,
        alg: :PS256,
        x5c: SoftSigner.PKCS12.cert_chain(signer)
      )

## Architectural notes

Software signing is a deliberate choice — by design, deployments
that mandate HSM-only signing should depend on `pkcs11ex` and
not include `soft_signer` in their dep graph. The library
boundary is the audit story.

---

*Consult [api-reference.md](api-reference.md) for complete listing*