Trust Compendium — Koder

seed

Knowledge base on digital trust: applied cryptography, PKI, certificates, electronic signatures, timestamping, code signing, trust models and their legal framing.

Informs the development of Koder products and services that depend on verifiable trust: Koder ID, Koder Domains, Koder Jet, the future Koder Sign, Trust Center, Hub.


Scope

This compendium is not operational product documentation — for that, see the READMEs in each <product>/ and the specs in meta/docs/stack/specs/.

This compendium is timeless domain knowledge: standards, protocols, legislation, history, architectural decisions, comparisons. It outlives implementation rewrites.

Convention: .kmd files (policies/document-format.kmd); numbered chapters; each subdirectory has its own INDEX.kmd.


Structure

Directory Content Status
01-fundamentals/ Asymmetric cryptography, hashing, MAC, KDFs, entropy, key generation seed (1 chapter)
02-standards/ PAdES, XAdES, CAdES, JAdES, ETSI EN 319, RFC 3161, RFC 5280 seed (1 chapter)
03-legislation/ MP 2.200-2 (ICP-Brasil), eIDAS (EU), ESIGN Act (US), Law 14.063/2020 seed (3 chapters)
04-modelos-de-confianca/ Hierarchical CA, Web of Trust (PGP), blockchain anchoring, KERI planned
05-icp-brasil/ Root CA, intermediate CAs, RAs, A1A3A4 certificates, e-CPF, e-CNPJ seed (1 chapter)
06-ssl-and-tls/ History of TLS, ACME, Certificate Transparency, building a Let's Encrypt-style public CA seed (1 chapter)
07-assinatura-de-codigo/ Authenticode, GPG signing, Sigstore/cosign, sigstore transparency planned
08-timestamping/ TSAs, RFC 3161, long-term validation (LTV), digital archiving planned
09-implementacoes/ OpenSSL, BoringSSL, rustls, libgcrypt, HSMs, comparisons planned
10-koder-stack/ How the Stack adopts it: Koder ID, the future Koder Sign, integration with Koder Domains planned

Chapters with content

01-fundamentals/

02-standards/

  • 01-x509-and-asn1.kmd — RFC 5280, ASN.1 DER, critical extensions (SAN, EKU, BasicConstraints), trust path validation, pitfalls

03-legislation/

  • 01-brazil-mp-2200-2.kmd — Provisional Measure 2.200-22001 (ICP-Brasil); Root CACAsRAs hierarchy; A1A3/A4 categories; Art. 10 §2 as the basis for non-ICP signatures between parties
  • 02-brazil-law-14063.kmd — 3 levels (simpleadvancedqualified); coexistence with MP 2.200-2; gov.br as advanced
  • 03-eu-eidas.kmd — EU Regulation 9102014; SESAdES/QES; QTSPs; eIDAS 2 + EUDI Wallet

05-icp-brasil/

  • 01-architecture.kmd — Institutional hierarchy, active level-1 CAs, Root CA V10, chain validation, common pitfalls

06-ssl-and-tls/

  • 05-creating-a-letsencrypt-style-ca.kmd — Requirements, stages and costs of founding a public CA, and the pragmatic ACME resellerproxy path (the route the Stack adopts via `servicesfoundationcerts` + Koder Domains)

How to contribute

  1. New chapter → create a numbered NN-topic/ within the subarea, with its own INDEX.kmd.
  2. Doc within a chapter → NN-title-slug.kmd; the numeric prefix sets the pedagogical order.
  3. Update this INDEX's "Structure" table and the "Chapters with content" section.
  4. Link primary sources (RFCs, specs, laws); avoid rewriting what is already well documented in a canonical source — prefer to point to it and add context.

Language: pt-BR (per policies/language.kmd for internal context content).