;; next/genesis/sig-suites/rsa-sha256-2018.sx
;;
;; W3C Verifiable Credential signature suite — RSA-SHA256 over
;; canonical bytes, key material in PEM. Compatible with
;; Mastodon's HTTP-Signatures / Linked-Data-Signatures-2017.

(DefineSigSuite
  :name "rsa-sha256-2018"
  :doc "RSA-SHA256 verification. Key carries publicKeyPem.\n        :verify takes canonical-bytes + signature + key and\n        returns bool. Real verification deferred to m2 once\n        crypto:verify_rsa/3 BIF lands; v1 stand-in returns\n        false to defer all RSA-signed activities."
  :verify (fn (canonical-bytes signature key) false)
  :key-format (fn (key-doc) (string? (-> key-doc :publicKeyPem))))