generate Mdoc Payload
Builds the SignedQR transport payload for presenting a held mdoc credential: the issued issuerSigned (optionally with some claims omitted) plus a fresh device signature over the signed-QR SessionTranscript. Frame it for display with SecureQRRenderer.encodeMdocFrames — mirroring how the SD-JWT path returns one payload the renderer frames. The assembled frames verify with com.dewa.walletsdk.secureqr.altid.AltIdQrVerifier.
Return
the raw SignedQRPayload CBOR bytes.
Parameters
the issued IssuerSigned CBOR (e.g. a credential's issuer-provided data).
the mdoc docType.
/validTo QR validity window in Unix seconds (prefer trusted server time).
claims to omit by identifier.
omit byte-string claims (portraits/biometrics) that bloat the payload into many frames. Omission is safe — retained claims still verify.
signs the COSE Sig_structure with the credential's device key, returning the raw (r‖s) ES256 signature.