CBOR Object Signing and Encryption (COSE)
Created
2017-01-11
Last Updated
2024-06-26
Registries included below
- COSE Header Parameters
- COSE Header Algorithm Parameters
- COSE Algorithms
- COSE Key Common Parameters
- COSE Key Type Parameters
- COSE Key Types
- COSE Elliptic Curves
COSE Header Parameters
Expert(s)
Francesca Palombini, Carsten Bormann
Reference
[RFC9052]
COSE Header Algorithm Parameters
Registration Procedure(s)
Expert Review
Expert(s)
Göran Selander, Derek Atkins, Sean Turner
Reference
[RFC9053]
COSE Algorithms
Expert(s)
Göran Selander, Derek Atkins, Sean Turner
Reference
Range | Registration Procedures |
---|---|
Integers less than -65536 | Private Use |
Integer values from -65536 to -257 | Specification Required |
Integer values between -256 and 255 | Standards Action With Expert Review |
Integer values from 256 to 65535 | Specification Required |
Integer values greater than 65535 | Expert Review |
Strings of length 1 | Standards Action With Expert Review |
Strings of length 2 | Specification Required |
Strings of length greater than 2 | Expert Review |
Name | Value | Description | Capabilities | Change Controller | Reference | Recommended |
---|---|---|---|---|---|---|
Reserved for Private Use | less than -65536 | | | | [RFC9053] | No |
Unassigned | -65536 | | | | | |
RS1 | -65535 | RSASSA-PKCS1-v1_5 using SHA-1 | [kty] | IESG | [RFC8812][RFC9053] | Deprecated |
A128CTR | -65534 | AES-CTR w/ 128-bit key | [kty] | IETF | [RFC9459] | Deprecated |
A192CTR | -65533 | AES-CTR w/ 192-bit key | [kty] | IETF | [RFC9459] | Deprecated |
A256CTR | -65532 | AES-CTR w/ 256-bit key | [kty] | IETF | [RFC9459] | Deprecated |
A128CBC | -65531 | AES-CBC w/ 128-bit key | [kty] | IETF | [RFC9459] | Deprecated |
A192CBC | -65530 | AES-CBC w/ 192-bit key | [kty] | IETF | [RFC9459] | Deprecated |
A256CBC | -65529 | AES-CBC w/ 256-bit key | [kty] | IETF | [RFC9459] | Deprecated |
Unassigned | -65528 to -261 | | | | | |
WalnutDSA | -260 | WalnutDSA signature | [kty] | | [RFC9021][RFC9053] | No |
RS512 | -259 | RSASSA-PKCS1-v1_5 using SHA-512 | [kty] | IESG | [RFC8812][RFC9053] | No |
RS384 | -258 | RSASSA-PKCS1-v1_5 using SHA-384 | [kty] | IESG | [RFC8812][RFC9053] | No |
RS256 | -257 | RSASSA-PKCS1-v1_5 using SHA-256 | [kty] | IESG | [RFC8812][RFC9053] | No |
Unassigned | -256 to -48 | | | | | |
ES256K | -47 | ECDSA using secp256k1 curve and SHA-256 | [kty] | IESG | [RFC8812][RFC9053] | No |
HSS-LMS | -46 | HSS/LMS hash-based digital signature | [kty] | | [RFC8778][RFC9053] | Yes |
SHAKE256 | -45 | SHAKE-256 512-bit Hash Value | [kty] | | [RFC9054][RFC9053] | Yes |
SHA-512 | -44 | SHA-2 512-bit Hash | [kty] | | [RFC9054][RFC9053] | Yes |
SHA-384 | -43 | SHA-2 384-bit Hash | [kty] | | [RFC9054][RFC9053] | Yes |
RSAES-OAEP w/ SHA-512 | -42 | RSAES-OAEP w/ SHA-512 | [kty] | | [RFC8230][RFC9053] | Yes |
RSAES-OAEP w/ SHA-256 | -41 | RSAES-OAEP w/ SHA-256 | [kty] | | [RFC8230][RFC9053] | Yes |
RSAES-OAEP w/ RFC 8017 default parameters | -40 | RSAES-OAEP w/ SHA-1 | [kty] | | [RFC8230][RFC9053] | Yes |
PS512 | -39 | RSASSA-PSS w/ SHA-512 | [kty] | | [RFC8230][RFC9053] | Yes |
PS384 | -38 | RSASSA-PSS w/ SHA-384 | [kty] | | [RFC8230][RFC9053] | Yes |
PS256 | -37 | RSASSA-PSS w/ SHA-256 | [kty] | | [RFC8230][RFC9053] | Yes |
ES512 | -36 | ECDSA w/ SHA-512 | [kty] | | [RFC9053] | Yes |
ES384 | -35 | ECDSA w/ SHA-384 | [kty] | | [RFC9053] | Yes |
ECDH-SS + A256KW | -34 | ECDH SS w/ Concat KDF and AES Key Wrap w/ 256-bit key | [kty] | | [RFC9053] | Yes |
ECDH-SS + A192KW | -33 | ECDH SS w/ Concat KDF and AES Key Wrap w/ 192-bit key | [kty] | | [RFC9053] | Yes |
ECDH-SS + A128KW | -32 | ECDH SS w/ Concat KDF and AES Key Wrap w/ 128-bit key | [kty] | | [RFC9053] | Yes |
ECDH-ES + A256KW | -31 | ECDH ES w/ Concat KDF and AES Key Wrap w/ 256-bit key | [kty] | | [RFC9053] | Yes |
ECDH-ES + A192KW | -30 | ECDH ES w/ Concat KDF and AES Key Wrap w/ 192-bit key | [kty] | | [RFC9053] | Yes |
ECDH-ES + A128KW | -29 | ECDH ES w/ Concat KDF and AES Key Wrap w/ 128-bit key | [kty] | | [RFC9053] | Yes |
ECDH-SS + HKDF-512 | -28 | ECDH SS w/ HKDF - generate key directly | [kty] | | [RFC9053] | Yes |
ECDH-SS + HKDF-256 | -27 | ECDH SS w/ HKDF - generate key directly | [kty] | | [RFC9053] | Yes |
ECDH-ES + HKDF-512 | -26 | ECDH ES w/ HKDF - generate key directly | [kty] | | [RFC9053] | Yes |
ECDH-ES + HKDF-256 | -25 | ECDH ES w/ HKDF - generate key directly | [kty] | | [RFC9053] | Yes |
Unassigned | -24 to -19 | | | | | |
SHAKE128 | -18 | SHAKE-128 256-bit Hash Value | [kty] | | [RFC9054][RFC9053] | Yes |
SHA-512/256 | -17 | SHA-2 512-bit Hash truncated to 256-bits | [kty] | | [RFC9054][RFC9053] | Yes |
SHA-256 | -16 | SHA-2 256-bit Hash | [kty] | | [RFC9054][RFC9053] | Yes |
SHA-256/64 | -15 | SHA-2 256-bit Hash truncated to 64-bits | [kty] | | [RFC9054][RFC9053] | Filter Only |
SHA-1 | -14 | SHA-1 Hash | [kty] | | [RFC9054][RFC9053] | Filter Only |
direct+HKDF-AES-256 | -13 | Shared secret w/ AES-MAC 256-bit key | [kty] | | [RFC9053] | Yes |
direct+HKDF-AES-128 | -12 | Shared secret w/ AES-MAC 128-bit key | [kty] | | [RFC9053] | Yes |
direct+HKDF-SHA-512 | -11 | Shared secret w/ HKDF and SHA-512 | [kty] | | [RFC9053] | Yes |
direct+HKDF-SHA-256 | -10 | Shared secret w/ HKDF and SHA-256 | [kty] | | [RFC9053] | Yes |
Unassigned | -9 | | | | | |
EdDSA | -8 | EdDSA | [kty] | | [RFC9053] | Yes |
ES256 | -7 | ECDSA w/ SHA-256 | [kty] | | [RFC9053] | Yes |
direct | -6 | Direct use of CEK | [kty] | | [RFC9053] | Yes |
A256KW | -5 | AES Key Wrap w/ 256-bit key | [kty] | | [RFC9053] | Yes |
A192KW | -4 | AES Key Wrap w/ 192-bit key | [kty] | | [RFC9053] | Yes |
A128KW | -3 | AES Key Wrap w/ 128-bit key | [kty] | | [RFC9053] | Yes |
Unassigned | -2 to -1 | | | | | |
Reserved | 0 | | | | [RFC9053] | No |
A128GCM | 1 | AES-GCM mode w/ 128-bit key, 128-bit tag | [kty] | | [RFC9053] | Yes |
A192GCM | 2 | AES-GCM mode w/ 192-bit key, 128-bit tag | [kty] | | [RFC9053] | Yes |
A256GCM | 3 | AES-GCM mode w/ 256-bit key, 128-bit tag | [kty] | | [RFC9053] | Yes |
HMAC 256/64 | 4 | HMAC w/ SHA-256 truncated to 64 bits | [kty] | | [RFC9053] | Yes |
HMAC 256/256 | 5 | HMAC w/ SHA-256 | [kty] | | [RFC9053] | Yes |
HMAC 384/384 | 6 | HMAC w/ SHA-384 | [kty] | | [RFC9053] | Yes |
HMAC 512/512 | 7 | HMAC w/ SHA-512 | [kty] | | [RFC9053] | Yes |
Unassigned | 8-9 | | | | | |
AES-CCM-16-64-128 | 10 | AES-CCM mode 128-bit key, 64-bit tag, 13-byte nonce | [kty] | | [RFC9053] | Yes |
AES-CCM-16-64-256 | 11 | AES-CCM mode 256-bit key, 64-bit tag, 13-byte nonce | [kty] | | [RFC9053] | Yes |
AES-CCM-64-64-128 | 12 | AES-CCM mode 128-bit key, 64-bit tag, 7-byte nonce | [kty] | | [RFC9053] | Yes |
AES-CCM-64-64-256 | 13 | AES-CCM mode 256-bit key, 64-bit tag, 7-byte nonce | [kty] | | [RFC9053] | Yes |
AES-MAC 128/64 | 14 | AES-MAC 128-bit key, 64-bit tag | [kty] | | [RFC9053] | Yes |
AES-MAC 256/64 | 15 | AES-MAC 256-bit key, 64-bit tag | [kty] | | [RFC9053] | Yes |
Unassigned | 16-23 | | | | | |
ChaCha20/Poly1305 | 24 | ChaCha20/Poly1305 w/ 256-bit key, 128-bit tag | [kty] | | [RFC9053] | Yes |
AES-MAC 128/128 | 25 | AES-MAC 128-bit key, 128-bit tag | [kty] | | [RFC9053] | Yes |
AES-MAC 256/128 | 26 | AES-MAC 256-bit key, 128-bit tag | [kty] | | [RFC9053] | Yes |
Unassigned | 27-29 | | | | | |
AES-CCM-16-128-128 | 30 | AES-CCM mode 128-bit key, 128-bit tag, 13-byte nonce | [kty] | | [RFC9053] | Yes |
AES-CCM-16-128-256 | 31 | AES-CCM mode 256-bit key, 128-bit tag, 13-byte nonce | [kty] | | [RFC9053] | Yes |
AES-CCM-64-128-128 | 32 | AES-CCM mode 128-bit key, 128-bit tag, 7-byte nonce | [kty] | | [RFC9053] | Yes |
AES-CCM-64-128-256 | 33 | AES-CCM mode 256-bit key, 128-bit tag, 7-byte nonce | [kty] | | [RFC9053] | Yes |
IV-GENERATION | 34 | For doing IV generation for symmetric algorithms. | | | [RFC9053] | No |
COSE Key Common Parameters
Expert(s)
Francesca Palombini, Carsten Bormann
Reference
[RFC9052]
Range | Registration Procedures |
---|---|
Integers less than -65536 | Private Use |
Integer values in the range -65536 to -1 | used for key parameters specific to a single algorithm delegated to the COSE Key Type Parameters registry |
Integer values between 0 and 255 | Standards Action With Expert Review |
Integer values from 256 to 65535 | Specification Required |
Integer values greater than 65535 | Expert Review |
Strings of length 1 | Standards Action With Expert Review |
Strings of length 2 | Specification Required |
Strings of length greater than 2 | Expert Review |
Name | Label | CBOR Type | Value Registry | Description | Reference |
---|---|---|---|---|---|
Reserved for Private Use | less than -65536 | | | | [RFC9052] |
used for key parameters specific to a single algorithm delegated to the COSE Key Type Parameters registry | -65536 to -1 | | | | [RFC9052] |
Reserved | 0 | | | | [RFC9052] |
kty | 1 | tstr / int | COSE Key Types | Identification of the key type | [RFC9052] |
kid | 2 | bstr | | Key identification value - match to kid in message | [RFC9052] |
alg | 3 | tstr / int | COSE Algorithms | Key usage restriction to this algorithm | [RFC9052] |
key_ops | 4 | [+ (tstr/int)] | | Restrict set of permissible operations | [RFC9052] |
Base IV | 5 | bstr | | Base IV to be XORed with Partial IVs | [RFC9052] |
COSE Key Type Parameters
Registration Procedure(s)
Expert Review
Expert(s)
Göran Selander, Derek Atkins, Sean Turner
Reference
[RFC9053]
Key Type | Name | Label | CBOR Type | Description | Reference |
---|---|---|---|---|---|
1 | crv | -1 | int / tstr | EC identifier -- Taken from the "COSE Elliptic Curves" registry | [RFC9053] |
1 | x | -2 | bstr | Public Key | [RFC9053] |
1 | d | -4 | bstr | Private key | [RFC9053] |
2 | crv | -1 | int / tstr | EC identifier -- Taken from the "COSE Elliptic Curves" registry | [RFC9053] |
2 | x | -2 | bstr | x-coordinate | [RFC9053] |
2 | y | -3 | bstr / bool | y-coordinate | [RFC9053] |
2 | d | -4 | bstr | Private key | [RFC9053] |
3 | n | -1 | bstr | the RSA modulus n | [RFC8230] |
3 | e | -2 | bstr | the RSA public exponent e | [RFC8230] |
3 | d | -3 | bstr | the RSA private exponent d | [RFC8230] |
3 | p | -4 | bstr | the prime factor p of n | [RFC8230] |
3 | q | -5 | bstr | the prime factor q of n | [RFC8230] |
3 | dP | -6 | bstr | dP is d mod (p - 1) | [RFC8230] |
3 | dQ | -7 | bstr | dQ is d mod (q - 1) | [RFC8230] |
3 | qInv | -8 | bstr | qInv is the CRT coefficient q^(-1) mod p | [RFC8230] |
3 | other | -9 | array | other prime infos, an array | [RFC8230] |
3 | r_i | -10 | bstr | a prime factor r_i of n, where i >= 3 | [RFC8230] |
3 | d_i | -11 | bstr | d_i = d mod (r_i - 1) | [RFC8230] |
3 | t_i | -12 | bstr | the CRT coefficient t_i = (r_1 * r_2 * ... * r_(i-1))^(-1) mod r_i | [RFC8230] |
4 | k | -1 | bstr | Key Value | [RFC9053] |
5 | pub | -1 | bstr | Public key for HSS/LMS hash-based digital signature | [RFC8778] |
6 | N | -1 | uint | Group and Matrix (NxN) size | [RFC9021] |
6 | q | -2 | uint | Finite field F_q | [RFC9021] |
6 | t-values | -3 | array (of uint) | List of T-values, entries in F_q | [RFC9021] |
6 | matrix 1 | -4 | array (of array of uint) | NxN Matrix of entries in F_q in column-major form | [RFC9021] |
6 | permutation 1 | -5 | array (of uint) | Permutation associated with matrix 1 | [RFC9021] |
6 | matrix 2 | -6 | array (of array of uint) | NxN Matrix of entries in F_q in column-major form | [RFC9021] |
COSE Key Types
Registration Procedure(s)
Expert Review
Expert(s)
Göran Selander, Derek Atkins, Sean Turner
Reference
[RFC9053]
Name | Value | Description | Capabilities | Reference |
---|---|---|---|---|
Reserved | 0 | This value is reserved | | [RFC9053] |
OKP | 1 | Octet Key Pair | [kty(1), crv] | [RFC9053] |
EC2 | 2 | Elliptic Curve Keys w/ x- and y-coordinate pair | [kty(2), crv] | [RFC9053] |
RSA | 3 | RSA Key | [kty(3)] | [RFC8230][RFC9053] |
Symmetric | 4 | Symmetric Keys | [kty(4)] | [RFC9053] |
HSS-LMS | 5 | Public key for HSS/LMS hash-based digital signature | [kty(5), hash algorithm] | [RFC8778][RFC9053] |
WalnutDSA | 6 | WalnutDSA public key | [kty(6)] | [RFC9021][RFC9053] |
COSE Elliptic Curves
Expert(s)
Göran Selander, Derek Atkins, Sean Turner
Reference
[RFC9053]
Range | Registration Procedures |
---|---|
Integers less than -65536 | Private Use |
Integer values -65536 to -257 | Specification Required |
Integer values -256 to 255 | Standards Action With Expert Review |
Integer values 256 to 65535 | Specification Required |
Integer values greater than 65535 | Expert Review |
Name | Value | Key Type | Description | Change Controller | Reference | Recommended |
---|---|---|---|---|---|---|
Reserved for Private Use | Integer values less than -65536 | | | | [RFC9053] | No |
Unassigned | -65536 to -1 | | | | | |
Reserved | 0 | | | | [RFC9053] | No |
P-256 | 1 | EC2 | NIST P-256 also known as secp256r1 | | [RFC9053] | Yes |
P-384 | 2 | EC2 | NIST P-384 also known as secp384r1 | | [RFC9053] | Yes |
P-521 | 3 | EC2 | NIST P-521 also known as secp521r1 | | [RFC9053] | Yes |
X25519 | 4 | OKP | X25519 for use w/ ECDH only | | [RFC9053] | Yes |
X448 | 5 | OKP | X448 for use w/ ECDH only | | [RFC9053] | Yes |
Ed25519 | 6 | OKP | Ed25519 for use w/ EdDSA only | | [RFC9053] | Yes |
Ed448 | 7 | OKP | Ed448 for use w/ EdDSA only | | [RFC9053] | Yes |
secp256k1 | 8 | EC2 | SECG secp256k1 curve | IESG | [RFC8812] | No |
Unassigned | 9-255 | | | | | |
brainpoolP256r1 | 256 | EC2 | BrainpoolP256r1 | [ISO/IEC JTC 1/SC 17/WG 10] | [ISO/IEC 18013-5:2021, 9.1.5.2] | No |
brainpoolP320r1 | 257 | EC2 | BrainpoolP320r1 | [ISO/IEC JTC 1/SC 17/WG 10] | [ISO/IEC 18013-5:2021, 9.1.5.2] | No |
brainpoolP384r1 | 258 | EC2 | BrainpoolP384r1 | [ISO/IEC JTC 1/SC 17/WG 10] | [ISO/IEC 18013-5:2021, 9.1.5.2] | No |
brainpoolP512r1 | 259 | EC2 | BrainpoolP512r1 | [ISO/IEC JTC 1/SC 17/WG 10] | [ISO/IEC 18013-5:2021, 9.1.5.2] | No |