Internet Assigned Numbers Authority CBOR Object Signing and Encryption (COSE) Created 2017-01-11 Last Updated 2025-06-16 Available Formats [IMG] XML [IMG] HTML [IMG] Plain text Registries Included Below • COSE Header Parameters • COSE Header Algorithm Parameters • COSE Algorithms • COSE Key Common Parameters • COSE Key Type Parameters • COSE Key Types • COSE Elliptic Curves COSE Header Parameters Expert(s) Francesca Palombini, Carsten Bormann Reference [RFC9052] Available Formats [IMG] CSV Range Registration Procedures Integers less than -65536 Private Use Integer values in the range -1 to -65536 delegated to the COSE Header Algorithm Parameters registry Integer values between 1 and 255 Standards Action With Expert Review Integer values from 256 to 65535 Specification Required Integer values greater than 65535 Expert Review Strings of length 1 Standards Action With Expert Review Strings of length 2 Specification Required Strings of length greater than 2 Expert Review Name Label Value Type Value Registry Description Reference Reserved for less Private Use than [RFC9052] -65536 delegated to the COSE Header -65536 Algorithm to -1 Parameters registry Reserved 0 [RFC9052] alg 1 int / tstr COSE Algorithms registry Cryptographic [RFC9052] algorithm to use crit 2 [+ label] COSE Header Parameters registry Critical headers [RFC9052] to be understood content type 3 tstr / uint [COAP Content-Formats] or [Media Content type of [RFC9052] Types] registry the payload kid 4 bstr Key identifier [RFC9052] Full IV 5 bstr Initialization [RFC9052] Vector Partial Partial IV 6 bstr Initialization [RFC9052] Vector CBOR-encoded COSE_Signature / [+ signature counter signature 7 COSE_Signature ] structure [RFC8152] (Deprecated by [RFC9338]) Unassigned 8 Counter signature with implied CounterSignature0 9 bstr signer and headers [RFC8152] (Deprecated by [RFC9338]) Identifies the kid context 10 bstr context for the [RFC8613, Section 5.1] key identifier Countersignature COSE_Countersignature / V2 version 2 11 [+ countersignature [RFC9338] COSE_Countersignature] attribute Countersignature0 12 COSE_Countersignature0 V2 Abbreviated [RFC9338] version 2 Countersignature A CBOR Web Token (CWT) containing a COSE_Key in a 'cnf' claim and possibly other kcwt 13 COSE_Messages claims. CWT is [RFC9528] defined in [RFC8392]. COSE_Messages is defined in [RFC9052]. A CWT Claims Set (CCS) containing a COSE_Key in a kccs 14 map 'cnf' claim and [RFC9528] possibly other claims. CCS is defined in [RFC8392]. Location for CWT CWT Claims 15 map map keys in [CWT Claims] Claims in COSE [RFC9597, Section 2] Header Parameters. [COAP Content-Formats] or [Media Content type of typ (type) 16 uint / tstr Types] registry the complete COSE [RFC9596, Section 2] object Unassigned 17-21 Hash of a C509Certificate (TEMPORARY - registered c5t 22 COSE_CertHash 2024-03-11, [draft-ietf-cose-cbor-encoded-cert-12] extension registered 2025-02-28, expires 2025-03-11) URI pointing to a COSE_C509 containing an ordered chain of certificates (TEMPORARY - c5u 23 uri registered [draft-ietf-cose-cbor-encoded-cert-12] 2024-03-11, extension registered 2025-02-28, expires 2025-03-11) An unordered bag of C509 certificates (TEMPORARY - registered c5b 24 COSE_C509 2024-03-11, [draft-ietf-cose-cbor-encoded-cert-12] extension registered 2025-02-28, expires 2025-03-11) An ordered chain of C509 certificates (TEMPORARY - registered c5c 25 COSE_C509 2024-03-11, [draft-ietf-cose-cbor-encoded-cert-12] extension registered 2025-02-28, expires 2025-03-11) Unassigned 26-31 An unordered bag x5bag 32 COSE_X509 of X.509 [RFC9360] certificates An ordered chain x5chain 33 COSE_X509 of X.509 [RFC9360] certificates x5t 34 COSE_CertHash Hash of an X.509 [RFC9360] certificate x5u 35 uri URI pointing to an [RFC9360] X.509 certificate Unassigned 36-255 CUPHNonce 256 bstr Challenge Nonce [FIDO Device Onboard Specification] CUPHOwnerPubKey 257 array Public Key [FIDO Device Onboard Specification] The hash algorithm used to produce the payload of a COSE_Sign1 [draft-ietf-cose-hash-envelope-03, payload-hash-alg 258 int [COSE Algorithms] registry (TEMPORARY - Section 3] registered 2025-03-05, expires 2026-03-05) The content-format number or content-type (media-type name) of data that has been hashed to preimage content 259 uint / tstr [CoAP Content-Formats] registry produce the [draft-ietf-cose-hash-envelope-03, type payload of the Section 3] COSE_Sign1 (TEMPORARY - registered 2025-03-05, expires 2026-03-05) The string or URI hint for the location of the data hashed to produce the payload-location 260 tstr payload of a [draft-ietf-cose-hash-envelope-03, COSE_Sign1 Section 3] (TEMPORARY - registered 2025-03-05, expires 2026-03-05) CBOR array of [Clause 5.2.2 of ETSI TS 119152-1 x5ts 261 array of COSE_CertHash instances of V0.0.9] COSE_CertHash set of commitments srCms 262 array of SrCm and optional [Clause 5.2.3 of ETSI TS 119152-1 commitments V0.0.9] qualifiers CBOR map for indicating the location where the signature was generated. It may contain an sigPl 263 map indication of the [Clause 5.2.4 of ETSI TS 119152-1 country, the V0.0.9] locality, the region, a box number in a post office, the postal code, and the street address CBOR map that may contain: an array of attributes that the signer claims to be in possession of, an array of attribute certificates (X.509 attribute srAts 264 map certificates or [Clause 5.2.5 of ETSI TS 119152-1 other) issued to V0.0.9] the signer, an array of signed assertions issued by a third party to the signer, or any combination of the three aforementioned CBOR arrays CBOR map that encapsulates one or more electronic time-stamps, generated before the signature [Clause 5.2.6 of ETSI TS 119152-1 adoTst 265 map production, and V0.0.9] whose message imprint computation input is the COSE Payload of the CB-AdES signature CBOR map that identifies a certain signature sigPId 266 map policy and may [Clause 5.2.7 of ETSI TS 119152-1 contain the digest V0.0.9] of the document defining this signature policy. CBOR map that references data objects that are sigD 267 map detached from the [Clause 5.2.8 of ETSI TS 119152-1 CB-AdES signature V0.0.9] and that are collectively signed. CBOR array that contains a number of CBOR elements that are placed [Clause 5.3.1 of ETSI TS 119152-1 uHeaders 268 [+bstr] within the array V0.0.9] in the order they are incorporated into the CB-AdES signature Unassigned 269-393 Priority ordered sequence of CBOR encoded Receipts receipts 394 array (TEMPORARY - [draft-ietf-cose-merkle-tree-proofs-14, registered Section 2] 2025-05-16, expires 2026-05-16) Algorithm identifier for verifiable data COSE Verifiable Data Structure (to structures, used be created for to produce vds 395 int draft-ietf-cose-merkle-tree-proofs verifiable data [draft-ietf-cose-merkle-tree-proofs-14, upon approval for publication as an structure proofs Section 2] RFC) (TEMPORARY - registered 2025-05-16, expires 2026-05-16) Location for verifiable data map key in COSE Verifiable Data structure proofs Structure Proofs (to be created for in COSE Header vdp 396 map draft-ietf-cose-merkle-tree-proofs Parameters [draft-ietf-cose-merkle-tree-proofs-14, upon approval for publication as an (TEMPORARY - Section 2] RFC) registered 2025-05-16, expires 2026-05-16) COSE Header Algorithm Parameters Registration Procedure(s) Expert Review Expert(s) Göran Selander, Derek Atkins, Sean Turner Reference [RFC9053] Available Formats [IMG] CSV Name Algorithm Label Type Description Reference Unassigned -65536 to -30 x5chain-sender ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, -29 COSE_X509 static key X.509 [RFC9360] ECDH-SS+A192KW, ECDH-SS+A256KW certificate chain x5u-sender ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, -28 uri URI for the sender's X.509 [RFC9360] ECDH-SS+A192KW, ECDH-SS+A256KW certificate x5t-sender ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, -27 COSE_CertHash Thumbprint for the sender's [RFC9360] ECDH-SS+A192KW, ECDH-SS+A256KW X.509 certificate direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, Party V other provided PartyV other ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, -26 bstr information [RFC9053] ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, PartyV nonce ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, -25 bstr / int Party V provided nonce [RFC9053] ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, Party V identity PartyV identity ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, -24 bstr information [RFC9053] ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, Party U other provided PartyU other ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, -23 bstr information [RFC9053] ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, PartyU nonce ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, -22 bstr / int Party U provided nonce [RFC9053] ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, Party U identity PartyU identity ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, -21 bstr information [RFC9053] ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, salt ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, -20 bstr Random salt [RFC9053] ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW Unassigned -19 to -4 static key id ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, -3 bstr Static public key [RFC9053] ECDH-SS+A192KW, ECDH-SS+A256KW identifier for the sender static key ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, -2 COSE_Key Static public key for the [RFC9053] ECDH-SS+A192KW, ECDH-SS+A256KW sender ephemeral key ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-ES+A128KW, -1 COSE_Key Ephemeral public key for [RFC9053] ECDH-ES+A192KW, ECDH-ES+A256KW the sender COSE Algorithms Expert(s) Göran Selander, Derek Atkins, Sean Turner Reference [RFC9053][RFC9054][RFC-ietf-jose-fully-specified-algorithms-13, Section 4.3.1] Available Formats [IMG] CSV Range Registration Procedures Integers less than -65536 Private Use Integer values from -65536 to -257 Specification Required Integer values between -256 and 255 Standards Action With Expert Review Integer values from 256 to 65535 Specification Required Integer values greater than 65535 Expert Review Strings of length 1 Standards Action With Expert Review Strings of length 2 Specification Required Strings of length greater than 2 Expert Review Name Value Description Capabilities Change Reference Recommended Controller Reserved for Private less Use than [RFC9053] No -65536 Unassigned -65536 RS1 -65535 RSASSA-PKCS1-v1_5 [kty] IESG [RFC8812][RFC9053] Deprecated using SHA-1 A128CTR -65534 AES-CTR w/ 128-bit [kty] IETF [RFC9459] Deprecated key A192CTR -65533 AES-CTR w/ 192-bit [kty] IETF [RFC9459] Deprecated key A256CTR -65532 AES-CTR w/ 256-bit [kty] IETF [RFC9459] Deprecated key A128CBC -65531 AES-CBC w/ 128-bit [kty] IETF [RFC9459] Deprecated key A192CBC -65530 AES-CBC w/ 192-bit [kty] IETF [RFC9459] Deprecated key A256CBC -65529 AES-CBC w/ 256-bit [kty] IETF [RFC9459] Deprecated key Unassigned -65528 to -269 ECDSA using ESB512 -268 BrainpoolP512r1 curve [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] No and SHA-512 ECDSA using ESB384 -267 BrainpoolP384r1 curve [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] No and SHA-384 ECDSA using ESB320 -266 BrainpoolP320r1 curve [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] No and SHA-384 ECDSA using ESB256 -265 BrainpoolP256r1 curve [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] No and SHA-256 KT256 -264 KT256 XOF [kty] IETF [RFC-irtf-cfrg-kangarootwelve-17] No KT128 -263 KT128 XOF [kty] IETF [RFC-irtf-cfrg-kangarootwelve-17] No TurboSHAKE256 -262 TurboSHAKE256 XOF [kty] IETF [RFC-irtf-cfrg-kangarootwelve-17] No TurboSHAKE128 -261 TurboSHAKE128 XOF [kty] IETF [RFC-irtf-cfrg-kangarootwelve-17] No WalnutDSA -260 WalnutDSA signature [kty] [RFC9021][RFC9053] No RS512 -259 RSASSA-PKCS1-v1_5 [kty] IESG [RFC8812][RFC9053] No using SHA-512 RS384 -258 RSASSA-PKCS1-v1_5 [kty] IESG [RFC8812][RFC9053] No using SHA-384 RS256 -257 RSASSA-PKCS1-v1_5 [kty] IESG [RFC8812][RFC9053] No using SHA-256 Unassigned -256 to -54 Ed448 -53 EdDSA using Ed448 [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] Yes curve ESP512 -52 ECDSA using P-521 [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] Yes curve and SHA-512 ESP384 -51 ECDSA using P-384 [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] Yes curve and SHA-384 CBOR Object Signing Algorithm for ML-DSA-87 -50 ML-DSA-87 (TEMPORARY [kty] [draft-ietf-cose-dilithium-06] Yes - registered 2025-04-24, expires 2026-04-24) CBOR Object Signing Algorithm for ML-DSA-65 -49 ML-DSA-65 (TEMPORARY [kty] [draft-ietf-cose-dilithium-06] Yes - registered 2025-04-24, expires 2026-04-24) CBOR Object Signing Algorithm for ML-DSA-44 -48 ML-DSA-44 (TEMPORARY [kty] [draft-ietf-cose-dilithium-06] Yes - registered 2025-04-24, expires 2026-04-24) ES256K -47 ECDSA using secp256k1 [kty] IESG [RFC8812][RFC9053] No curve and SHA-256 HSS-LMS -46 HSS/LMS hash-based [kty] [RFC8778][RFC9053] Yes digital signature SHAKE256 -45 SHAKE-256 512-bit [kty] [RFC9054][RFC9053] Yes Hash Value SHA-512 -44 SHA-2 512-bit Hash [kty] [RFC9054][RFC9053] Yes SHA-384 -43 SHA-2 384-bit Hash [kty] [RFC9054][RFC9053] Yes RSAES-OAEP w/ SHA-512 -42 RSAES-OAEP w/ SHA-512 [kty] [RFC8230][RFC9053] Yes RSAES-OAEP w/ SHA-256 -41 RSAES-OAEP w/ SHA-256 [kty] [RFC8230][RFC9053] Yes RSAES-OAEP w/ RFC 8017 -40 RSAES-OAEP w/ SHA-1 [kty] [RFC8230][RFC9053] Yes default parameters PS512 -39 RSASSA-PSS w/ SHA-512 [kty] [RFC8230][RFC9053] Yes PS384 -38 RSASSA-PSS w/ SHA-384 [kty] [RFC8230][RFC9053] Yes PS256 -37 RSASSA-PSS w/ SHA-256 [kty] [RFC8230][RFC9053] Yes ES512 -36 ECDSA w/ SHA-512 [kty] [RFC9053][RFC-ietf-jose-fully-specified-algorithms-13] Deprecated ES384 -35 ECDSA w/ SHA-384 [kty] IETF [RFC9053][RFC-ietf-jose-fully-specified-algorithms-13] Deprecated ECDH SS w/ Concat KDF ECDH-SS + A256KW -34 and AES Key Wrap w/ [kty] [RFC9053] Yes 256-bit key ECDH SS w/ Concat KDF ECDH-SS + A192KW -33 and AES Key Wrap w/ [kty] [RFC9053] Yes 192-bit key ECDH SS w/ Concat KDF ECDH-SS + A128KW -32 and AES Key Wrap w/ [kty] [RFC9053] Yes 128-bit key ECDH ES w/ Concat KDF ECDH-ES + A256KW -31 and AES Key Wrap w/ [kty] [RFC9053] Yes 256-bit key ECDH ES w/ Concat KDF ECDH-ES + A192KW -30 and AES Key Wrap w/ [kty] [RFC9053] Yes 192-bit key ECDH ES w/ Concat KDF ECDH-ES + A128KW -29 and AES Key Wrap w/ [kty] [RFC9053] Yes 128-bit key ECDH-SS + HKDF-512 -28 ECDH SS w/ HKDF - [kty] [RFC9053] Yes generate key directly ECDH-SS + HKDF-256 -27 ECDH SS w/ HKDF - [kty] [RFC9053] Yes generate key directly ECDH-ES + HKDF-512 -26 ECDH ES w/ HKDF - [kty] [RFC9053] Yes generate key directly ECDH-ES + HKDF-256 -25 ECDH ES w/ HKDF - [kty] [RFC9053] Yes generate key directly Unassigned -24 to -20 Ed25519 -19 EdDSA using Ed25519 [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] Yes curve SHAKE128 -18 SHAKE-128 256-bit [kty] [RFC9054][RFC9053] Yes Hash Value SHA-512/256 -17 SHA-2 512-bit Hash [kty] [RFC9054][RFC9053] Yes truncated to 256-bits SHA-256 -16 SHA-2 256-bit Hash [kty] [RFC9054][RFC9053] Yes SHA-256/64 -15 SHA-2 256-bit Hash [kty] [RFC9054][RFC9053] Filter Only truncated to 64-bits SHA-1 -14 SHA-1 Hash [kty] [RFC9054][RFC9053] Filter Only direct+HKDF-AES-256 -13 Shared secret w/ [kty] [RFC9053] Yes AES-MAC 256-bit key direct+HKDF-AES-128 -12 Shared secret w/ [kty] [RFC9053] Yes AES-MAC 128-bit key direct+HKDF-SHA-512 -11 Shared secret w/ HKDF [kty] [RFC9053] Yes and SHA-512 direct+HKDF-SHA-256 -10 Shared secret w/ HKDF [kty] [RFC9053] Yes and SHA-256 ESP256 -9 ECDSA using P-256 [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] Yes curve and SHA-256 EdDSA -8 EdDSA [kty] IETF [RFC9053][RFC-ietf-jose-fully-specified-algorithms-13] Deprecated ES256 -7 ECDSA w/ SHA-256 [kty] IETF [RFC9053][RFC-ietf-jose-fully-specified-algorithms-13] Deprecated direct -6 Direct use of CEK [kty] [RFC9053] Yes A256KW -5 AES Key Wrap w/ [kty] [RFC9053] Yes 256-bit key A192KW -4 AES Key Wrap w/ [kty] [RFC9053] Yes 192-bit key A128KW -3 AES Key Wrap w/ [kty] [RFC9053] Yes 128-bit key Unassigned -2 to -1 Reserved 0 [RFC9053] No AES-GCM mode w/ A128GCM 1 128-bit key, 128-bit [kty] [RFC9053] Yes tag AES-GCM mode w/ A192GCM 2 192-bit key, 128-bit [kty] [RFC9053] Yes tag AES-GCM mode w/ A256GCM 3 256-bit key, 128-bit [kty] [RFC9053] Yes tag HMAC 256/64 4 HMAC w/ SHA-256 [kty] [RFC9053] Yes truncated to 64 bits HMAC 256/256 5 HMAC w/ SHA-256 [kty] [RFC9053] Yes HMAC 384/384 6 HMAC w/ SHA-384 [kty] [RFC9053] Yes HMAC 512/512 7 HMAC w/ SHA-512 [kty] [RFC9053] Yes Unassigned 8-9 AES-CCM mode 128-bit AES-CCM-16-64-128 10 key, 64-bit tag, [kty] [RFC9053] Yes 13-byte nonce AES-CCM mode 256-bit AES-CCM-16-64-256 11 key, 64-bit tag, [kty] [RFC9053] Yes 13-byte nonce AES-CCM mode 128-bit AES-CCM-64-64-128 12 key, 64-bit tag, [kty] [RFC9053] Yes 7-byte nonce AES-CCM mode 256-bit AES-CCM-64-64-256 13 key, 64-bit tag, [kty] [RFC9053] Yes 7-byte nonce AES-MAC 128/64 14 AES-MAC 128-bit key, [kty] [RFC9053] Yes 64-bit tag AES-MAC 256/64 15 AES-MAC 256-bit key, [kty] [RFC9053] Yes 64-bit tag Unassigned 16-23 ChaCha20/Poly1305 w/ ChaCha20/Poly1305 24 256-bit key, 128-bit [kty] [RFC9053] Yes tag AES-MAC 128/128 25 AES-MAC 128-bit key, [kty] [RFC9053] Yes 128-bit tag AES-MAC 256/128 26 AES-MAC 256-bit key, [kty] [RFC9053] Yes 128-bit tag Unassigned 27-29 AES-CCM mode 128-bit AES-CCM-16-128-128 30 key, 128-bit tag, [kty] [RFC9053] Yes 13-byte nonce AES-CCM mode 256-bit AES-CCM-16-128-256 31 key, 128-bit tag, [kty] [RFC9053] Yes 13-byte nonce AES-CCM mode 128-bit AES-CCM-64-128-128 32 key, 128-bit tag, [kty] [RFC9053] Yes 7-byte nonce AES-CCM mode 256-bit AES-CCM-64-128-256 33 key, 128-bit tag, [kty] [RFC9053] Yes 7-byte nonce For doing IV IV-GENERATION 34 generation for [RFC9053] No symmetric algorithms. COSE Key Common Parameters Expert(s) Francesca Palombini, Carsten Bormann Reference [RFC9052] Available Formats [IMG] CSV Range Registration Procedures Integers less than -65536 Private Use Integer values in the range -65536 to -1 used for key parameters specific to a single algorithm delegated to the COSE Key Type Parameters registry Integer values between 0 and 255 Standards Action With Expert Review Integer values from 256 to 65535 Specification Required Integer values greater than 65535 Expert Review Strings of length 1 Standards Action With Expert Review Strings of length 2 Specification Required Strings of length greater than 2 Expert Review Name Label CBOR Type Value Registry Description Reference Reserved for Private Use less than -65536 [RFC9052] used for key parameters specific to a single algorithm delegated to the COSE Key Type -65536 to -1 [RFC9052] Parameters registry Reserved 0 [RFC9052] kty 1 tstr / int COSE Key Types Identification of the key type [RFC9052] kid 2 bstr Key identification value - match to [RFC9052] kid in message alg 3 tstr / int COSE Algorithms Key usage restriction to this [RFC9052] algorithm key_ops 4 [+ (tstr/int)] Restrict set of permissible [RFC9052] operations Base IV 5 bstr Base IV to be XORed with Partial IVs [RFC9052] COSE Key Type Parameters Registration Procedure(s) Expert Review Expert(s) Göran Selander, Derek Atkins, Sean Turner Reference [RFC9053] Available Formats [IMG] CSV Key Type Name Label CBOR Type Description Reference 1 crv -1 int / tstr EC identifier -- Taken from the "COSE Elliptic Curves" [RFC9053] registry 1 x -2 bstr Public Key [RFC9053] 1 d -4 bstr Private key [RFC9053] 2 crv -1 int / tstr EC identifier -- Taken from the "COSE Elliptic Curves" [RFC9053] registry 2 x -2 bstr x-coordinate [RFC9053] 2 y -3 bstr / bool y-coordinate [RFC9053] 2 d -4 bstr Private key [RFC9053] 3 n -1 bstr the RSA modulus n [RFC8230] 3 e -2 bstr the RSA public exponent e [RFC8230] 3 d -3 bstr the RSA private exponent d [RFC8230] 3 p -4 bstr the prime factor p of n [RFC8230] 3 q -5 bstr the prime factor q of n [RFC8230] 3 dP -6 bstr dP is d mod (p - 1) [RFC8230] 3 dQ -7 bstr dQ is d mod (q - 1) [RFC8230] 3 qInv -8 bstr qInv is the CRT coefficient q^(-1) mod p [RFC8230] 3 other -9 array other prime infos, an array [RFC8230] 3 r_i -10 bstr a prime factor r_i of n, where i >= 3 [RFC8230] 3 d_i -11 bstr d_i = d mod (r_i - 1) [RFC8230] 3 t_i -12 bstr the CRT coefficient t_i = (r_1 * r_2 * ... * r_(i-1))^(-1) [RFC8230] mod r_i 4 k -1 bstr Key Value [RFC9053] 5 pub -1 bstr Public key for HSS/LMS hash-based digital signature [RFC8778] 6 N -1 uint Group and Matrix (NxN) size [RFC9021] 6 q -2 uint Finite field F_q [RFC9021] 6 t-values -3 array (of uint) List of T-values, entries in F_q [RFC9021] 6 matrix 1 -4 array (of array of uint) NxN Matrix of entries in F_q in column-major form [RFC9021] 6 permutation 1 -5 array (of uint) Permutation associated with matrix 1 [RFC9021] 6 matrix 2 -6 array (of array of uint) NxN Matrix of entries in F_q in column-major form [RFC9021] 7 pub -1 bstr Public key [draft-ietf-cose-dilithium-06] COSE Key Types Registration Procedure(s) Expert Review Expert(s) Göran Selander, Derek Atkins, Sean Turner Reference [RFC9053] Available Formats [IMG] CSV Name Value Description Capabilities Reference Reserved 0 This value is reserved [RFC9053] OKP 1 Octet Key Pair [kty(1), crv] [RFC9053] EC2 2 Elliptic Curve Keys w/ x- and y-coordinate pair [kty(2), crv] [RFC9053] RSA 3 RSA Key [kty(3)] [RFC8230][RFC9053] Symmetric 4 Symmetric Keys [kty(4)] [RFC9053] HSS-LMS 5 Public key for HSS/LMS hash-based digital signature [kty(5), hash algorithm] [RFC8778][RFC9053] WalnutDSA 6 WalnutDSA public key [kty(6)] [RFC9021][RFC9053] AKP 7 COSE Key Type for Algorithm Key Pairs [kty(7)] [draft-ietf-cose-dilithium-06] COSE Elliptic Curves Expert(s) Göran Selander, Derek Atkins, Sean Turner Reference [RFC9053] Available Formats [IMG] CSV Range Registration Procedures Integers less than -65536 Private Use Integer values -65536 to -257 Specification Required Integer values -256 to 255 Standards Action With Expert Review Integer values 256 to 65535 Specification Required Integer values greater than 65535 Expert Review Name Value Key Type Description Change Controller Reference Recommended Reserved for Private Use Integer values less [RFC9053] No than -65536 Unassigned -65536 to -1 Reserved 0 [RFC9053] No P-256 1 EC2 NIST P-256 also known as [RFC9053] Yes secp256r1 P-384 2 EC2 NIST P-384 also known as [RFC9053] Yes secp384r1 P-521 3 EC2 NIST P-521 also known as [RFC9053] Yes secp521r1 X25519 4 OKP X25519 for use w/ ECDH only [RFC9053] Yes X448 5 OKP X448 for use w/ ECDH only [RFC9053] Yes Ed25519 6 OKP Ed25519 for use w/ EdDSA only [RFC9053] Yes Ed448 7 OKP Ed448 for use w/ EdDSA only [RFC9053] Yes secp256k1 8 EC2 SECG secp256k1 curve IESG [RFC8812] No Unassigned 9-255 brainpoolP256r1 256 EC2 BrainpoolP256r1 [ISO/IEC JTC 1/SC [ISO/IEC 18013-5:2021, No 17/WG 10] 9.1.5.2] brainpoolP320r1 257 EC2 BrainpoolP320r1 [ISO/IEC JTC 1/SC [ISO/IEC 18013-5:2021, No 17/WG 10] 9.1.5.2] brainpoolP384r1 258 EC2 BrainpoolP384r1 [ISO/IEC JTC 1/SC [ISO/IEC 18013-5:2021, No 17/WG 10] 9.1.5.2] brainpoolP512r1 259 EC2 BrainpoolP512r1 [ISO/IEC JTC 1/SC [ISO/IEC 18013-5:2021, No 17/WG 10] 9.1.5.2] Licensing Terms