Start reorg and consolidation of signing docs

crandmck · crandmck · commit 25a6f0af6262 · 2025-04-01T10:26:55.000-07:00
diff --git a/docs/prod-cert.mdx b/docs/prod-cert.mdx
@@ -1,11 +1,11 @@
 ---
 id: prod-cert
-title: Getting and using a signing certificate
+title: Getting and using a production certificate
 ---
 
 ## Overview
 
-For convenience, C2PA Tool, the Rust library, and the CAI prerelease libraries include one or more [test certificates](manifest/signing-manifests.md#test-certificates) and private keys for use during development, typically in the `tests/fixtures` directory. While these test certificates and keys are useful during development and testing, for production deployment you must use your own private key and certificate.
+For convenience, C2PA Tool, the Rust library, and the CAI prerelease libraries include one or more [test certificates](signing-certs.md#test-certificates) and private keys for use during development, typically in the `tests/fixtures` directory. While these test certificates and keys are useful during development and testing, for production deployment you must use your own private key and certificate.
 
 Certificates and private keys are often stored on a hardware security module (HSM), a physical device that attaches directly to a computer or server and is used to securely manage and perform operations on cryptographic keys. A Key Management Service (KMS) is software used to manage keys in a networked environment. A KMS can be connected to a HSM for extra security. For example, the [Python example application](c2pa-python-example/readme.md) uses [AWS KMS](https://aws.amazon.com/kms/).
 
@@ -26,7 +26,7 @@ A CSR is just an unsigned certificate that's a template for the certificate that
 A CSR comprises a public key, as well as ["distinguished name" information](https://knowledge.digicert.com/general-information/what-is-a-distinguished-name) that identifies the individual or organization requesting the certificate. The distinguished name includes a common name, organization, city, state, country, and e-mail address. Not all of these fields are required and will vary depending with the assurance level of the desired certificate.
 
 :::tip
-For the C2PA [Verify tool](https://verify.contentauthenticity.org/) to display your organization name in the Content Credentials, your CSR must include the "O" or Organization Name attribute in the distinguished name information.  See [below](#organization-name) for details.
+For the C2PA [Verify tool](https://verify.contentauthenticity.org/) to display your organization name in the Content Credentials, your CSR must include the "O" or Organization Name attribute in the distinguished name information. See [below](#organization-name) for details.
 :::
 
 You sign the CSR with your private key; this proves to the CA that you have control of the private key that corresponds to the public key included in the CSR. Once the requested information in a CSR passes a vetting process and domain control is established, the CA may sign the public key to indicate that it can be publicly trusted.
diff --git a/docs/signing-certs.md b/docs/signing-certs.md
@@ -0,0 +1,6 @@
+---
+id: signing-certs
+title: Signing and certificates
+---
+
+TBD
diff --git a/docs/signing-manifests.md b/docs/signing-manifests.md
@@ -1,10 +1,10 @@
 ---
-id: signing-manifests
+id: sign-manifests
 title: Signing manifests
 ---
 
 :::tip
-Before reading this page, be sure to read [Getting started](../getting-started.mdx) so you'll have some basic background on public-key infrastructure (PKI) technology, certificates, and signing manifests.
+Before reading this page, be sure to read [Getting started](getting-started.mdx) so you'll have some basic background on public-key infrastructure (PKI) technology, certificates, and signing manifests.
 :::
 
 ## Overview
@@ -78,7 +78,7 @@ The information in this table is based on the [C2PA specification Trust Model se
 Here is an example of generating a C2PA-compliant set of credentials using [GlobalSign](http://globalsign.com/) certificate authority (CA).    
 
 :::note
-GlobalSign is just one of many CAs. For a list of some others, see [Getting started](../getting-started.mdx#getting-a-security-certificate).
+GlobalSign is just one of many CAs. For a list of some others, see [Getting started](getting-started.mdx#getting-a-security-certificate).
 :::note
 
 Credential management is a complex topic and different for every organization.   See [above](#overview) for links to best practices.
@@ -163,7 +163,7 @@ Certificate:
 .
 ```
 
-You now have all the needed information to configure C2PA Tool for manifest signing. Edit your [manifest store file](../c2patool/docs/manifest.md) to have the following content:
+You now have all the needed information to configure C2PA Tool for manifest signing. Edit your [manifest store file](./c2patool/docs/manifest.md) to have the following content:
 
 ```json
 "alg": "ps256",
@@ -173,7 +173,7 @@ You now have all the needed information to configure C2PA Tool for manifest sign
 
 The `private_key` and `sign_cert` properties must be full paths to the key and certificate chain files generated above.
 
-You can now use C2PA Tool [to add a manifest to an image or other asset file](../c2patool/docs/usage.md#adding-a-manifest-to-an-asset-file). The command will be something like this:
+You can now use C2PA Tool [to add a manifest to an image or other asset file](c2patool/docs/usage.md#adding-a-manifest-to-an-asset-file). The command will be something like this:
 
 ```
 c2patool -m my_manifest.json -o signed_image.jpg my_image.jpg
@@ -182,7 +182,7 @@ c2patool -m my_manifest.json -o signed_image.jpg my_image.jpg
 The example above uses the information in `my_manifest.json` to add a new manifest to output `signed_image.jpg` using source `my_image.jpg`. The manifest will be signed using the PS256 signature algorithm with private key `mykey.pem`. The manifest will contain the trust chain specified in `mycerts.pem`.
 
 :::warning
-This example accesses the private key and certificate directly from the file system, which is fine during development, but in production may not be secure.  Instead, in a production application,  use a hardware security module (HSM) or a Key Management Service (KMS); for example as show in the [C2PA Python Example](../c2pa-python-example/readme.md).
+This example accesses the private key and certificate directly from the file system, which is fine during development, but in production may not be secure.  Instead, in a production application,  use a hardware security module (HSM) or a Key Management Service (KMS); for example as show in the [C2PA Python Example](c2pa-python-example/readme.md).
 :::
 
 ### Confirm it worked
diff --git a/sidebars.js b/sidebars.js
@@ -12,6 +12,11 @@ const sidebars = {
       link: { type: 'doc', id: 'getting-started' },
       collapsed: true,
       items: [
+        {
+          type: 'doc',
+          label: 'FAQs',
+          id: 'faqs',
+        },
         {
           type: 'doc',
           id: 'verify',
@@ -40,10 +45,6 @@ const sidebars = {
           type: 'doc',
           id: 'manifest/manifest-validation',
         },
-        {
-          type: 'doc',
-          id: 'manifest/signing-manifests',
-        },
         {
           type: 'doc',
           id: 'manifest/manifest-examples',
@@ -60,7 +61,6 @@ const sidebars = {
         },
       ],
     },
-
     {
       type: 'category',
       label: 'C2PA Tool',
@@ -111,7 +111,6 @@ const sidebars = {
       collapsed: true,
       items: jsSdkSidebar.docs,
     },
-
     {
       type: 'category',
       label: 'Prerelease libraries',
@@ -209,7 +208,6 @@ const sidebars = {
         },
       ],
     },
-
     {
       type: 'category',
       label: 'Rust library',
@@ -249,19 +247,22 @@ const sidebars = {
       ],
     },
     {
-      type: 'doc',
-      label: 'Getting and using a certificate',
-      id: 'prod-cert',
-    },
-    {
-      type: 'doc',
-      label: 'FAQs',
-      id: 'faqs',
-    },
-    {
-      type: 'doc',
-      label: 'Community resources',
-      id: 'community-resources',
+      type: 'category',
+      label: 'Signing and certificates',
+      link: { type: 'doc', id: 'signing-certs' },
+      collapsed: true,
+      items: [
+        {
+          type: 'doc',
+          label: 'Signing manifests',
+          id: 'sign-manifests',
+        },
+        {
+          type: 'doc',
+          label: 'Using a certificate in production',
+          id: 'prod-cert',
+        },
+      ],
     },
     {
       type: 'category',
@@ -325,9 +326,17 @@ const sidebars = {
       ],
     },
     {
-      type: 'doc',
-      label: 'Task planning & roadmap',
-      id: 'roadmap',
+      type: 'category',
+      label: 'Community resources',
+      link: { type: 'doc', id: 'community-resources' },
+      collapsed: true,
+      items: [
+        {
+          type: 'doc',
+          label: 'Task planning & roadmap',
+          id: 'roadmap',
+        },
+      ],
     },
   ],
 };

-Original file line number
+Diff line change
@@ @@ -0,0 +1,6 @@ @@
 +---
 +id: signing-certs
 +title: Signing and certificates
 +---
++
 +TBD