RFC 8785 JCS canonicalization + ES256 signing implementation

## Summary
Implement the actual signing and verification logic. Currently write-only — attestations can be created but not verified.

## Requirements
- RFC 8785 (JSON Canonicalization Scheme) implementation for deterministic payload serialization
- ES256 signing: `signature.value = ES256(SHA-256(JCS(payload)))`
- `verify_signature()` function in all three languages (Rust, Python, TypeScript)
- Canonical payload builder that extracts the signable fields from an IntegrityAttestation
- Timestamp validation (ISO 8601 format, not in future, max age enforcement)

## Blocking
This blocks all signed attestation work (Phase 2+). Without canonicalization, cross-language verification breaks.

## References
- [RFC 8785](https://www.rfc-editor.org/rfc/rfc8785)
- docs/ATTESTATION.md — Canonicalization section

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RFC 8785 JCS canonicalization + ES256 signing implementation #1

Summary

Requirements

Blocking

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

RFC 8785 JCS canonicalization + ES256 signing implementation #1

Description

Summary

Requirements

Blocking

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions