Skip to content
/ cose-elixir Public

CBOR Object Signing and Encryption (COSE) [RFC 8152].

License

MIT license
2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

geonnave/cose-elixir

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
.vscode
.vscode
 
 
lib
lib
 
 
test
test
 
 
.formatter.exs
.formatter.exs
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
mix.exs
mix.exs
 
 
mix.lock
mix.lock
 
 

Repository files navigation

COSE

CBOR Object Signing and Encryption (COSE) [RFC8152] in Elixir.

Currently supports:

  • Sign1 messages with algorithm eddsa
  • Encrypt messages with algorithm ecdh_ss_hkdf_256 and key x25519

Additionally, there is some support for CBOR Web Tokens (CWT) [RFC8392].

Installation

Add cose to your list of dependencies in mix.exs:

def deps do
  [
    {:cose, git: "https://github.com/geonnave/cose-elixir.git"}
  ]
end

Usage

Sign message for one recipient:

alias COSE.{Messages, Keys}

key = Keys.OKP.generate(:sig)
msg = Messages.Sign1.build("content to sign", %{alg: :eddsa})

# sign and COSE-encode
encoded_msg = Messages.Sign1.sign_encode(msg, key)

# COSE-decode to obtain parameters (e.g. key used) + verify signature
decoded_msg = Messages.Sign1.decode(encoded_msg)
verified_msg = Messages.Sign1.verify(decoded_msg, key)

Encrypt message using static-static key agreement and AES

alias COSE.{Keys, Headers, Messages}

# generate keys
sender_key = Keys.OKP.generate(:enc)
receiver_key = Keys.OKP.generate(:enc)

# create recipient metadata
recipient = %Messages.Recipient{phdr: %{alg: :ecdh_ss_hkdf_256}}
s = %Messages.SuppPubInfo{key_data_length: 128, protected: Headers.tag_phdr(recipient.phdr)}
context = Messages.ContextKDF.build(:aes_ccm_16_64_128, %Messages.PartyInfo{}, %Messages.PartyInfo{}, s)

# create content-encryption key (same as key-encryption key, as we are using a `direct` algorithm)
kek_bytes = Messages.Recipient.derive_kek(sender_key, receiver_key, context)
cek = %Keys.Symmetric{k: kek_bytes, alg: :aes_ccm_16_64_128}

# prepare message
msg_phdr = %{alg: :aes_ccm_16_64_128}
msg_uhdr = %{iv: COSE.tag_as_byte(:crypto.strong_rand_bytes(12))}
msg = Messages.Encrypt.build("content to encrypt", recipient, msg_phdr, msg_uhdr)

# encrypt + COSE-encode
encoded_msg = Messages.Encrypt.encrypt_encode(msg, cek, msg.uhdr.iv.value)

# COSE-decode to obtain parameters (headers, recipients, etc.) + decrypt
decoded_msg = Messages.Encrypt.decode(encoded_msg)
{:ok, decrypted_msg} = Messages.Encrypt.decrypt(decoded_msg, cek, decoded_msg.uhdr.iv.value)

Issue and verify CBOR Web Token with digital signature

alias COSE.{Messages, Keys, CWT}

key = Keys.OKP.generate(:sig)

# create claims, including claims that are application-specific
claims = %{
  expiration: (DateTime.utc_now() |> DateTime.to_unix()) + 60, # one minute
  issuer: "alice",
  subject: "bob",
  custom_claim: "this claim is application-specific",
}
custom_claims = %{custom_claim: 22}

# encode + sign, verify + decode
encoded_token = CWT.sign_encode(claims, key, custom_claims)
verified_token = CWT.verify_decode(encoded_token, key, custom_claims)

About

CBOR Object Signing and Encryption (COSE) [RFC 8152].

Topics

iot security cbor cose

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

3 watching

Forks

1 fork
Report repository

Languages