Trust Compendium — Koder
Knowledge base on digital trust: applied cryptography, PKI, certificates, electronic signatures, timestamping, code signing, trust models and their legal framing.
Informs the development of Koder products and services that depend on verifiable trust: Koder ID, Koder Domains, Koder Jet, the future Koder Sign, Trust Center, Hub.
Scope
This compendium is not operational product documentation — for that, see the READMEs in each <product>/ and the specs in meta/docs/stack/specs/.
This compendium is timeless domain knowledge: standards, protocols, legislation, history, architectural decisions, comparisons. It outlives implementation rewrites.
Convention: .kmd files (policies/document-format.kmd); numbered chapters; each subdirectory has its own INDEX.kmd.
Structure
| Directory | Content | Status |
|---|---|---|
01-fundamentals/ |
Asymmetric cryptography, hashing, MAC, KDFs, entropy, key generation | seed (1 chapter) |
02-standards/ |
PAdES, XAdES, CAdES, JAdES, ETSI EN 319, RFC 3161, RFC 5280 | seed (1 chapter) |
03-legislation/ |
MP 2.200-2 (ICP-Brasil), eIDAS (EU), ESIGN Act (US), Law 14.063/2020 | seed (3 chapters) |
04-modelos-de-confianca/ |
Hierarchical CA, Web of Trust (PGP), blockchain anchoring, KERI | planned |
05-icp-brasil/ |
Root CA, intermediate CAs, RAs, A1A3A4 certificates, e-CPF, e-CNPJ | seed (1 chapter) |
06-ssl-and-tls/ |
History of TLS, ACME, Certificate Transparency, building a Let's Encrypt-style public CA | seed (1 chapter) |
07-assinatura-de-codigo/ |
Authenticode, GPG signing, Sigstore/cosign, sigstore transparency | planned |
08-timestamping/ |
TSAs, RFC 3161, long-term validation (LTV), digital archiving | planned |
09-implementacoes/ |
OpenSSL, BoringSSL, rustls, libgcrypt, HSMs, comparisons | planned |
10-koder-stack/ |
How the Stack adopts it: Koder ID, the future Koder Sign, integration with Koder Domains | planned |
Chapters with content
01-fundamentals/
01-asymmetric-cryptography.kmd— RSA, ECDSA, Ed25519, X25519, key exchange, post-quantum (ML-KEM/ML-DSA)
02-standards/
01-x509-and-asn1.kmd— RFC 5280, ASN.1 DER, critical extensions (SAN, EKU, BasicConstraints), trust path validation, pitfalls
03-legislation/
01-brazil-mp-2200-2.kmd— Provisional Measure 2.200-22001 (ICP-Brasil); Root CACAsRAs hierarchy; A1A3/A4 categories; Art. 10 §2 as the basis for non-ICP signatures between parties02-brazil-law-14063.kmd— 3 levels (simpleadvancedqualified); coexistence with MP 2.200-2; gov.br as advanced03-eu-eidas.kmd— EU Regulation 9102014; SESAdES/QES; QTSPs; eIDAS 2 + EUDI Wallet
05-icp-brasil/
01-architecture.kmd— Institutional hierarchy, active level-1 CAs, Root CA V10, chain validation, common pitfalls
06-ssl-and-tls/
05-creating-a-letsencrypt-style-ca.kmd— Requirements, stages and costs of founding a public CA, and the pragmatic ACME resellerproxy path (the route the Stack adopts via `servicesfoundationcerts` + Koder Domains)
How to contribute
- New chapter → create a numbered
NN-topic/within the subarea, with its ownINDEX.kmd. - Doc within a chapter →
NN-title-slug.kmd; the numeric prefix sets the pedagogical order. - Update this INDEX's "Structure" table and the "Chapters with content" section.
- Link primary sources (RFCs, specs, laws); avoid rewriting what is already well documented in a canonical source — prefer to point to it and add context.
Language: pt-BR (per policies/language.kmd for internal context content).