signsan

SignSan is a framework proposal in the field of digital security that aims to combine cryptographic signing with content sanitization to maintain authenticity while preventing unsafe content alterations during processing. The core idea is to sign a canonical representation of content after it has been sanitized according to a defined policy, and to attach a manifest describing the sanitization rules used. A signer uses a digital signature on the canonicalized, sanitized form; a verifier re-applies the same sanitization policy to the received content, reconstructs the canonical form, and checks the signature.

Key components include a signing policy, a sanitizer, a canonicalizer, and a verification library. Sanitization policies

SignSan is not yet standardized; various projects experiment with its principles in content distribution, document signing,

See also: digital signature, content sanitization, canonicalization, verifiable credentials.