Tiny COSE
A very incomplete COSE library for use with other tiny-*
libraries.
What's inside
This implementation provides:
- Deserializing public and private key objects into JavaScript
CryptoKey
s - Serializing JavaScript private and public
CryptoKey
s into public and private COSE key objects - Deserializing and serializing symmetric
CryptoKey
s into COSE key objects
This implementation omits:
- Signing data with private keys
- Verifying data with public keys
- MACing data with symmetric keys
- Verifying MACd data with symmetric keys
- Direct Encryption of data with symmetric keys
- Direct Decryption of data with symmetric keys
- Encrypting data with asymmetric keys with ephemeral-static / static-static key agreement
- Decrypting data with asymmetric keys with ephemeral-static / static-static key agreement
- Key agreement with key wrapping
- Key transport
- ECDH
- Key Derivation Functions
This implementation does not support:
- RSA keys with multiple primes
- Elliptic Curve keys with compressed points
CryptoKey
s for symmetric encryption with AES- RSAES-OAEP
- Private keys without public components
- ES512 / Curve P-521, see Deno Issue P-521 curves in WebCrypto
Over time, this list may change.
Warning
COSE cryptography is, in general, unsafe for most to dabble with. Please consult a cryptographer when you are inventing something new with cryptographic constructs.
Standards References
- RFC9052 - CBOR Object Signing and Encryption (COSE): Structures and Process
- RFC9053 - CBOR Object Signing and Encryption (COSE): Initial Algorithms
- RFC9054 - CBOR Object Signing and Encryption (COSE): Hash Algorithms
- RFC8230 - Using RSA Algorithms with CBOR Object Signing and Encryption (COSE) Messages
- RFC8812 - CBOR Object Signing and Encryption (COSE) and JSON Object Signing and Encryption (JOSE) Registrations for Web Authentication (WebAuthn) Algorithms