(assert-signature-valid-when-present object credential)

(decrypt! sp-private-key element)

(new-secret-key)

(recursive-decrypt! sp-private-key element)

(sign object
      credential
      &
      {:keys [signature-algorithm canonicalization-algorithm]
       :or {signature-algorithm [:rsa :sha256]
            canonicalization-algorithm :excl-omit-comments}})

(signature object)

(signed? object)