ArchivioMD: A Deep Dive into the Cryptographic Stack

This is an update to my earlier post on ArchivioMD. Since that writeup, the plugin has landed on WordPress.org, gained a full algorithm suite, HMAC integrity mode, RFC 3161 trusted timestamping, and external anchoring to GitHub/GitLab. There's a lot to unpack. What the plugin actually does ArchivioMD started as a way to manage meta-documentation files — your security.txt , privacy-policy.md , robots.txt and similar — from inside the WordPress admin. Every document gets a UUID and a checksum, every edit appends to an immutable changelog, and HTML rendering from Markdown is handled automatically. That's still the core. What's grown significantly is the cryptographic layer on top of it: how hashes are computed, how they're bound to identity, how they're externally verifiable, and how you can timestamp them against a trusted third party. That's what this post is about. The hash helper: algorithm-agnostic from the start The entire hashing surface of the plugin runs through a single class, M