CBOR Tag | cose-type | Data Item | Semantics |
---|---|---|---|
98 | cose-sign | COSE_Sign | COSE Signed Data Object |
18 | cose-sign1 | COSE_Sign1 | COSE Single Signer Data Object |
96 | cose-encrypt | COSE_Encrypt | COSE Encrypted Data Object |
16 | cose-encrypt0 | COSE_Encrypt0 | COSE Single Recipient Encrypted Data Object |
97 | cose-mac | COSE_Mac | COSE MACed Data Object |
17 | cose-mac0 | COSE_Mac0 | COSE Mac w/o Recipients Object |

Media Type | Encoding | ID | Reference |
---|---|---|---|
application/cose; cose-type="cose-sign" | | 98 | RFC 9052 |
application/cose; cose-type="cose-sign1" | | 18 | RFC 9052 |
application/cose; cose-type="cose-encrypt" | | 96 | RFC 9052 |
application/cose; cose-type="cose-encrypt0" | | 16 | RFC 9052 |
application/cose; cose-type="cose-mac" | | 97 | RFC 9052 |
application/cose; cose-type="cose-mac0" | | 17 | RFC 9052 |
application/cose-key | | 101 | RFC 9052 |
application/cose-key-set | | 102 | RFC 9052 |

Name | Label | Value Type | Value Registry | Description |
---|---|---|---|---|
alg | 1 | int / tstr | COSE Algorithms registry | Cryptographic algorithm to use |
crit | 2 | [+ label] | COSE Header Parameters registry | Critical header parameters to be understood |
content type | 3 | tstr / uint | CoAP Content-Formats or Media Types registries | Content type of the payload |
kid | 4 | bstr | | Key identifier |
IV | 5 | bstr | | Full Initialization Vector |
Partial IV | 6 | bstr | | Partial Initialization Vector |

When more than one signature is present, the successful validation of one signature associated with a given signer is usually treated as a successful signature by that signer. However, there are some application environments where other rules are needed. An application that employs a rule other than one valid signature for each signer must specify those rules. Also, where simple matching of the signer identifier is not sufficient to determine whether the signatures were generated by the same signer, the application specification must describe how to determine which signatures were generated by the same signer. Support of different communities of recipients is the primary reason that signers choose to include more than one signature.

Name | Label | CBOR Type | Value Registry | Description |
---|---|---|---|---|
kty | 1 | tstr / int | COSE Key Types | Identification of the key type |
kid | 2 | bstr | | Key identification value -- match to "kid" in message |
alg | 3 | tstr / int | COSE Algorithms | Key usage restriction to this algorithm |
key_ops | 4 | [+ (tstr/int)] | | Restrict set of permissible operations |
Base IV | 5 | bstr | | Base IV to be xor-ed with Partial IVs |

Name | Value | Description |
---|---|---|
sign | 1 | The key is used to create signatures. Requires private key fields. |
verify | 2 | The key is used for verification of signatures. |
encrypt | 3 | The key is used for key transport encryption. |
decrypt | 4 | The key is used for key transport decryption. Requires private key fields. |
wrap key | 5 | The key is used for key wrap encryption. |
unwrap key | 6 | The key is used for key wrap decryption. Requires private key fields. |
derive key | 7 | The key is used for deriving keys. Requires private key fields. |
derive bits | 8 | The key is used for deriving bits not to be used as a key. Requires private key fields. |
MAC create | 9 | The key is used for creating MACs. |
MAC verify | 10 | The key is used for validating MACs. |
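
The key parameter and key_ops tables above translate into a pre-use check that a verifier or signer can run on a decoded COSE_Key before handing it to a crypto library. The following is an added example, not code from RFC 9052: the function name, the sample keys, the choice to treat an absent `alg` or `key_ops` as unrestricted, and the use of label -4 as the private key field (the "d" parameter of EC2/OKP keys in the COSE algorithm registries) are assumptions of the example.

```python
# COSE_Key common parameter labels, from the key parameter table above.
KTY, KID, ALG, KEY_OPS = 1, 2, 3, 4
# key_ops names and values, from the key_ops table above.
OPS = {"sign": 1, "verify": 2, "encrypt": 3, "decrypt": 4, "wrap key": 5,
       "unwrap key": 6, "derive key": 7, "derive bits": 8,
       "MAC create": 9, "MAC verify": 10}
# Operations the table marks "Requires private key fields".
NEEDS_PRIVATE = {"sign", "decrypt", "unwrap key", "derive key", "derive bits"}
# Assumption: private field label "d" of EC2/OKP keys; not listed on this page.
PRIVATE_LABELS = {-4}


def key_use_errors(key, op, alg, msg_kid=None):
    """Return the reasons `key` must not be used for `op` with `alg`.

    `key` is a decoded COSE_Key map (int labels). An empty list means allowed.
    """
    if op not in OPS:
        raise ValueError(f"unknown key operation: {op!r}")
    errors = []
    # alg on the key restricts the key to exactly that algorithm.
    if ALG in key and key[ALG] != alg:
        errors.append(f"key restricted to alg {key[ALG]!r}, got {alg!r}")
    # key_ops entries may be names or integers; normalise names to integers.
    if KEY_OPS in key:
        allowed = {OPS.get(v, v) for v in key[KEY_OPS]}
        if OPS[op] not in allowed:
            errors.append(f"key_ops does not permit {op!r}")
    # A public-only key cannot perform private-key operations.
    if op in NEEDS_PRIVATE and PRIVATE_LABELS.isdisjoint(key):
        errors.append(f"{op!r} requires private key fields")
    # The key's kid must match the kid carried in the message header.
    if msg_kid is not None and key.get(KID) != msg_kid:
        errors.append("kid does not match message kid")
    return errors


# Constructed sample keys; byte strings are placeholders, and kty 2 / alg -7
# (EC2 / ES256) are registry values that do not appear on this page.
VERIFY_ONLY = {KTY: 2, KID: b"meter-01", ALG: -7, KEY_OPS: [2],
               -1: 1, -2: b"x", -3: b"y"}
SIGNING = {KTY: 2, KID: b"meter-01", KEY_OPS: ["sign", "verify"],
           -1: 1, -2: b"x", -3: b"y", -4: b"d"}

if __name__ == "__main__":
    print(key_use_errors(VERIFY_ONLY, "sign", -7))
    print(key_use_errors(SIGNING, "verify", -7, msg_kid=b"other"))
```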