Tiny COSE

A very incomplete COSE library for use with other tiny-* libraries.

What's inside

This implementation provides (incomplete):

  • Deserializing public and private key objects into JavaScript CryptoKeys
  • Serializing JavaScript private and public CryptoKeys into public and private COSE key objects
  • Deserializing and serializing symmetric CryptoKeys into COSE key objects

This implementation omits:

  • Signing data with private keys
  • Verifying data with public keys
  • MACing data with symmetric keys
  • Verifying MACd data with symmetric keys
  • Direct Encryption of data with symmetric keys
  • Direct Decryption of data with symmetric keys
  • Encrypting data with asymmetric keys with ephemeral-static / static-static key agreement
  • Decrypting data with asymmetric keys with ephemeral-static / static-static key agreement
  • Key agreement with key wrapping
  • Key transport
  • ECDH
  • Key Derivation Functions

This implementation does not support:

  • RSA keys with multiple primes
  • Elliptic Curve keys with compressed points
  • CryptoKeys for symmetric encryption with AES
  • RSAES-OAEP
  • Private keys without public components
  • ES512 / Curve P-521, see Deno Issue P-521 curves in WebCrypto

Over time, this list may change.

Warning

COSE cryptography is, in general, unsafe for most to dabble with. Please consult a cryptographer when you are inventing something new with cryptographic constructs.

Standards References