# Module BSV::Wallet::Serializer::Certificate <a id="module-BSV-Wallet-Serializer-Certificate"></a>

Shared BRC-103 wire codec for Certificate and IdentityCertificate.

Certificate wire layout (matches go-sdk serializeCertificate):
    [32 bytes: type (raw bytes decoded from Base64)]
    [32 bytes: serial_number (raw bytes decoded from Base64)]
    [33 bytes: subject compressed pubkey]
    [33 bytes: certifier compressed pubkey]
    [32 bytes + varint: revocation_outpoint (display-order txid + varint vout)]
    [varint: field_count]
    per field: [varint-len name][varint-len value]
    [remaining: DER signature bytes (absent if no signature)]

IdentityCertificate additionally appends:
    [varint-int: serialised Certificate bytes (int-prefixed)]
    [varint-str: certifier_info.name]
    [varint-str: certifier_info.icon_url]
    [varint-str: certifier_info.description]
    [1 byte: certifier_info.trust]
    [varint: keyring_count] per entry: [varint-str key][varint-int raw_bytes]
    [varint: decrypted_fields_count] per entry: [varint-str key][varint-str value]

## Constants
### `CERT_TYPE_SIZE` <a id="constant-CERT_TYPE_SIZE"></a> <a id="CERT_TYPE_SIZE-constant"></a>
Not documented.

### `NULL_TXID_HEX` <a id="constant-NULL_TXID_HEX"></a> <a id="NULL_TXID_HEX-constant"></a>
NULL outpoint used when revocation_outpoint is nil.

### `PUBKEY_SIZE` <a id="constant-PUBKEY_SIZE"></a> <a id="PUBKEY_SIZE-constant"></a>
Not documented.

### `SERIAL_SIZE` <a id="constant-SERIAL_SIZE"></a> <a id="SERIAL_SIZE-constant"></a>
Not documented.

## Public Class Methods
### `deserialize_certificate(bytes)` <a id="method-c-deserialize_certificate"></a> <a id="deserialize_certificate-class_method"></a>
Deserialise a certificate from binary.
- **@param** `bytes` [String] binary
- **@return** [Hash]

### `deserialize_identity_certificate(reader)` <a id="method-c-deserialize_identity_certificate"></a> <a id="deserialize_identity_certificate-class_method"></a>
Deserialise an IdentityCertificate from a Reader (reads inline, not
length-prefixed).
- **@param** `reader` [Wire::Reader]
- **@return** [Hash]

### `serialize_certificate(cert, include_signature: = true)` <a id="method-c-serialize_certificate"></a> <a id="serialize_certificate-class_method"></a>
Serialise a certificate Hash to binary.
- **@param** `cert` [Hash] with keys: :type (Base64), :serial_number (Base64),
:subject (hex pubkey), :certifier (hex pubkey),
:revocation_outpoint (String "txid.vout" or nil),
:fields (Hash<String,String>), :signature (hex bytes or nil)
- **@param** `include_signature` [Boolean] whether to append signature bytes
- **@return** [String] binary

### `serialize_identity_certificate(cert)` <a id="method-c-serialize_identity_certificate"></a> <a id="serialize_identity_certificate-class_method"></a>
Serialise an IdentityCertificate (used by discover_* result).
- **@param** `cert` [Hash] all Certificate fields plus:
:certifier_info ({ name:, icon_url:, description:, trust: })
:publicly_revealed_keyring (Hash<String,Base64>)
:decrypted_fields (Hash<String,String>)
