CBOR Object Signing and Encryption (COSE) Created 2017-01-11 Last Updated 2020-06-19 Available Formats [IMG] XML [IMG] HTML [IMG] Plain text Registries included below * COSE Header Parameters * COSE Header Algorithm Parameters * COSE Algorithms * COSE Key Common Parameters * COSE Key Type Parameters * COSE Key Types * COSE Elliptic Curves COSE Header Parameters Expert(s) Francesca Palombini, Matt Miller, Justin Richer, Carsten Bormann Reference [RFC8152] Available Formats [IMG] CSV Range Registration Procedures Integer values in the range -1 to -65536 delegated to the COSE Header Algorithm Parameters registry Integer values between 1 and 255 Standards Action With Expert Review Integer values from 256 to 65535 Specification Required Integer values greater than 65535 Expert Review Strings of length 1 Standards Action With Expert Review Strings of length 2 Specification Required Strings of length greater than 2 Expert Review Name Label Value Type Value Registry Description Reference Reserved for Private Use less than [RFC8152] -65536 delegated to the COSE Header -65536 to -1 Algorithm Parameters registry Reserved 0 [RFC8152] alg 1 int / tstr COSE Algorithms registry Cryptographic algorithm [RFC8152] to use crit 2 [+ label] COSE Header Parameters Critical headers to be [RFC8152] registry understood content type 3 tstr / uint [COAP Content-Formats] or Content type of the [RFC8152] [Media Types] registry payload kid 4 bstr Key identifier [RFC8152] IV 5 bstr Full Initialization [RFC8152] Vector Partial IV 6 bstr Partial Initialization [RFC8152] Vector counter signature 7 COSE_Signature / [+ CBOR-encoded signature [RFC8152] COSE_Signature ] structure Unassigned 8 Counter signature with CounterSignature0 9 bstr implied signer and [RFC8152] headers kid context 10 bstr Identifies the context [RFC8613, Section 5.1] for the key identifier Unassigned 11-31 x5bag (TEMPORARY - registered 32 COSE_X509 An unordered bag of [draft-ietf-cose-x509] 2019-08-20, expires 2020-08-20) X.509 certificates x5chain (TEMPORARY - registered 33 COSE_X509 An ordered chain of [draft-ietf-cose-x509] 2019-08-20, expires 2020-08-20) X.509 certificates x5t (TEMPORARY - registered 34 COSE_CertHash Hash of an X.509 [draft-ietf-cose-x509] 2019-08-20, expires 2020-08-20) certificate x5u (TEMPORARY - registered 35 uri URI pointing to an X.509 [draft-ietf-cose-x509] 2019-08-20, expires 2020-08-20) certificate COSE Header Algorithm Parameters Registration Procedure(s) Expert Review Expert(s) Jim Schaad, Göran Selander, Derek Atkins, Sean Turner Reference [RFC8152] Available Formats [IMG] CSV Name Algorithm Label Type Description Reference Unassigned -65536 to -27 direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, Party V other provided PartyV other ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, -26 bstr information [RFC8152] ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, PartyV nonce ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, -25 bstr / int Party V provided nonce [RFC8152] ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, PartyV identity ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, -24 bstr Party V identity information [RFC8152] ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, Party U other provided PartyU other ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, -23 bstr information [RFC8152] ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, PartyU nonce ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, -22 bstr / int Party U provided nonce [RFC8152] ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, PartyU identity ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, -21 bstr Party U identity information [RFC8152] ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, salt ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, -20 bstr Random salt [RFC8152] ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW Unassigned -19 to -4 static key id ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, -3 bstr Static public key identifier [RFC8152] ECDH-SS+A192KW, ECDH-SS+A256KW for the sender static key ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, -2 COSE_Key Static public key for the [RFC8152] ECDH-SS+A192KW, ECDH-SS+A256KW sender ephemeral key ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-ES+A128KW, -1 COSE_Key Ephemeral public key for the [RFC8152] ECDH-ES+A192KW, ECDH-ES+A256KW sender COSE Algorithms Expert(s) Jim Schaad, Göran Selander, Derek Atkins, Sean Turner Reference [RFC8152] Available Formats [IMG] CSV Range Registration Procedures Integer values from -65536 to -257 Specification Required Integer values between -256 and 255 Standards Action With Expert Review Integer values from 256 to 65535 Specification Required Integer values greater than 65535 Expert Review Strings of length 1 Standards Action With Expert Review Strings of length 2 Specification Required Strings of length greater than 2 Expert Review Name Value Description Reference Recommended Reserved for Private Use less than -65536 [RFC8152] No Unassigned -65536 RS1 -65535 RSASSA-PKCS1-v1_5 w/ SHA-1 [RFC-ietf-cose-webauthn-algorithms-08] Deprecated Unassigned -65534 to -260 RS512 -259 RSASSA-PKCS1-v1_5 w/ SHA-512 [RFC-ietf-cose-webauthn-algorithms-08] No RS384 -258 RSASSA-PKCS1-v1_5 w/ SHA-384 [RFC-ietf-cose-webauthn-algorithms-08] No RS256 -257 RSASSA-PKCS1-v1_5 w/ SHA-256 [RFC-ietf-cose-webauthn-algorithms-08] No Unassigned -256 to -48 ES256K -47 ECDSA using secp256k1 curve and [RFC-ietf-cose-webauthn-algorithms-08] No SHA-256 HSS-LMS -46 HSS/LMS hash-based digital [RFC8778] Yes signature SHAKE256 (TEMPORARY - registered 2019-08-13, extension registered -45 256-bit SHAKE [draft-ietf-cose-hash-algs] Yes 2020-06-19, expires 2021-08-13) SHA-512 (TEMPORARY - registered 2019-08-13, extension registered 2020-06-19, expires -44 SHA-2 512-bit Hash [draft-ietf-cose-hash-algs] Yes 2021-08-13) SHA-384 (TEMPORARY - registered 2019-08-13, extension registered 2020-06-19, expires -43 SHA-2 384-bit Hash [draft-ietf-cose-hash-algs] Yes 2021-08-13) RSAES-OAEP w/ SHA-512 -42 RSAES-OAEP w/ SHA-512 [RFC8230] Yes RSAES-OAEP w/ SHA-256 -41 RSAES-OAEP w/ SHA-256 [RFC8230] Yes RSAES-OAEP w/ RFC 8017 default parameters -40 RSAES-OAEP w/ SHA-1 [RFC8230] Yes PS512 -39 RSASSA-PSS w/ SHA-512 [RFC8230] Yes PS384 -38 RSASSA-PSS w/ SHA-384 [RFC8230] Yes PS256 -37 RSASSA-PSS w/ SHA-256 [RFC8230] Yes ES512 -36 ECDSA w/ SHA-512 [RFC8152] Yes ES384 -35 ECDSA w/ SHA-384 [RFC8152] Yes ECDH-SS + A256KW -34 ECDH SS w/ Concat KDF and AES [RFC8152] Yes Key Wrap w/ 256-bit key ECDH-SS + A192KW -33 ECDH SS w/ Concat KDF and AES [RFC8152] Yes Key Wrap w/ 192-bit key ECDH-SS + A128KW -32 ECDH SS w/ Concat KDF and AES [RFC8152] Yes Key Wrap w/ 128-bit key ECDH-ES + A256KW -31 ECDH ES w/ Concat KDF and AES [RFC8152] Yes Key Wrap w/ 256-bit key ECDH-ES + A192KW -30 ECDH ES w/ Concat KDF and AES [RFC8152] Yes Key Wrap w/ 192-bit key ECDH-ES + A128KW -29 ECDH ES w/ Concat KDF and AES [RFC8152] Yes Key Wrap w/ 128-bit key ECDH-SS + HKDF-512 -28 ECDH SS w/ HKDF - generate key [RFC8152] Yes directly ECDH-SS + HKDF-256 -27 ECDH SS w/ HKDF - generate key [RFC8152] Yes directly ECDH-ES + HKDF-512 -26 ECDH ES w/ HKDF - generate key [RFC8152] Yes directly ECDH-ES + HKDF-256 -25 ECDH ES w/ HKDF - generate key [RFC8152] Yes directly Unassigned -24 to -19 SHAKE128 (TEMPORARY - registered 2019-08-13, extension registered -18 128-bit SHAKE [draft-ietf-cose-hash-algs] Yes 2020-06-19, expires 2021-08-13) SHA-512/256 (TEMPORARY - registered SHA-2 512-bit Hash truncated to 2019-08-13, extension registered -17 256-bits [draft-ietf-cose-hash-algs] Yes 2020-06-19, expires 2021-08-13) SHA-256 (TEMPORARY - registered 2019-08-13, extension registered 2020-06-19, expires -16 SHA-2 256-bit Hash [draft-ietf-cose-hash-algs] Yes 2021-08-13) SHA-256/64 (TEMPORARY - registered SHA-2 256-bit Hash truncated to 2019-08-13, extension registered -15 64-bits [draft-ietf-cose-hash-algs] Filter Only 2020-06-19, expires 2021-08-13) SHA-1 (TEMPORARY - registered 2019-08-13, extension registered 2020-06-19, expires -14 SHA-1 Hash [draft-ietf-cose-hash-algs] Filter Only 2021-08-13) direct+HKDF-AES-256 -13 Shared secret w/ AES-MAC 256-bit [RFC8152] Yes key direct+HKDF-AES-128 -12 Shared secret w/ AES-MAC 128-bit [RFC8152] Yes key direct+HKDF-SHA-512 -11 Shared secret w/ HKDF and [RFC8152] Yes SHA-512 direct+HKDF-SHA-256 -10 Shared secret w/ HKDF and [RFC8152] Yes SHA-256 Unassigned -9 EdDSA -8 EdDSA [RFC8152] Yes ES256 -7 ECDSA w/ SHA-256 [RFC8152] Yes direct -6 Direct use of CEK [RFC8152] Yes A256KW -5 AES Key Wrap w/ 256-bit key [RFC8152] Yes A192KW -4 AES Key Wrap w/ 192-bit key [RFC8152] Yes A128KW -3 AES Key Wrap w/ 128-bit key [RFC8152] Yes Unassigned -2 to -1 Reserved 0 [RFC8152] No A128GCM 1 AES-GCM mode w/ 128-bit key, [RFC8152] Yes 128-bit tag A192GCM 2 AES-GCM mode w/ 192-bit key, [RFC8152] Yes 128-bit tag A256GCM 3 AES-GCM mode w/ 256-bit key, [RFC8152] Yes 128-bit tag HMAC 256/64 4 HMAC w/ SHA-256 truncated to 64 [RFC8152] Yes bits HMAC 256/256 5 HMAC w/ SHA-256 [RFC8152] Yes HMAC 384/384 6 HMAC w/ SHA-384 [RFC8152] Yes HMAC 512/512 7 HMAC w/ SHA-512 [RFC8152] Yes Unassigned 8-9 AES-CCM-16-64-128 10 AES-CCM mode 128-bit key, 64-bit [RFC8152] Yes tag, 13-byte nonce AES-CCM-16-64-256 11 AES-CCM mode 256-bit key, 64-bit [RFC8152] Yes tag, 13-byte nonce AES-CCM-64-64-128 12 AES-CCM mode 128-bit key, 64-bit [RFC8152] Yes tag, 7-byte nonce AES-CCM-64-64-256 13 AES-CCM mode 256-bit key, 64-bit [RFC8152] Yes tag, 7-byte nonce AES-MAC 128/64 14 AES-MAC 128-bit key, 64-bit tag [RFC8152] Yes AES-MAC 256/64 15 AES-MAC 256-bit key, 64-bit tag [RFC8152] Yes Unassigned 16-23 ChaCha20/Poly1305 24 ChaCha20/Poly1305 w/ 256-bit [RFC8152] Yes key, 128-bit tag AES-MAC 128/128 25 AES-MAC 128-bit key, 128-bit tag [RFC8152] Yes AES-MAC 256/128 26 AES-MAC 256-bit key, 128-bit tag [RFC8152] Yes Unassigned 27-29 AES-CCM-16-128-128 30 AES-CCM mode 128-bit key, [RFC8152] Yes 128-bit tag, 13-byte nonce AES-CCM-16-128-256 31 AES-CCM mode 256-bit key, [RFC8152] Yes 128-bit tag, 13-byte nonce AES-CCM-64-128-128 32 AES-CCM mode 128-bit key, [RFC8152] Yes 128-bit tag, 7-byte nonce AES-CCM-64-128-256 33 AES-CCM mode 256-bit key, [RFC8152] Yes 128-bit tag, 7-byte nonce COSE Key Common Parameters Expert(s) Francesca Palombini, Matt Miller, Justin Richer, Carsten Bormann Reference [RFC8152] Available Formats [IMG] CSV Range Registration Procedures Integer values in the range -65536 to -1 used for key parameters specific to a single algorithm delegated to the COSE Key Type Parameters registry Integer values between 0 and 255 Standards Action With Expert Review Integer values from 256 to 65535 Specification Required Integer values greater than 65535 Expert Review Strings of length 1 Standards Action With Expert Review Strings of length 2 Specification Required Strings of length greater than 2 Expert Review Name Label CBOR Type Value Registry Description Reference Reserved for Private Use less than -65536 [RFC8152] used for key parameters specific to a single algorithm delegated to the COSE Key Type -65536 to -1 [RFC8152] Parameters registry Reserved 0 [RFC8152] kty 1 tstr / int COSE Key Types Identification of the key type [RFC8152][RFC Errata 5545] kid 2 bstr Key identification value - [RFC8152] match to kid in message alg 3 tstr / int COSE Algorithms Key usage restriction to this [RFC8152] algorithm key_ops 4 [+ (tstr/int)] Restrict set of permissible [RFC8152] operations Base IV 5 bstr Base IV to be XORed with [RFC8152] Partial IVs COSE Key Type Parameters Registration Procedure(s) Expert Review Expert(s) Jim Schaad, Göran Selander, Derek Atkins, Sean Turner Reference [RFC8152] Available Formats [IMG] CSV Key Type Name Label CBOR Type Description Reference 1 crv -1 int / tstr EC identifier - Taken from the "COSE Elliptic Curves" registry [RFC8152] 2 crv -1 int / tstr EC identifier - Taken from the "COSE Elliptic Curves" registry [RFC8152][RFC Errata 5650] 4 k -1 bstr Key Value [RFC8152] 1 x -2 bstr x-coordinate [RFC8152] 2 x -2 bstr x-coordinate [RFC8152] 2 y -3 bstr / bool y-coordinate [RFC8152] 1 d -4 bstr Private key [RFC8152] 2 d -4 bstr Private key [RFC8152] 3 n -1 bstr the RSA modulus n [RFC8230] 3 e -2 bstr the RSA public exponent e [RFC8230] 3 d -3 bstr the RSA private exponent d [RFC8230] 3 p -4 bstr the prime factor p of n [RFC8230] 3 q -5 bstr the prime factor q of n [RFC8230] 3 dP -6 bstr dP is d mod (p - 1) [RFC8230] 3 dQ -7 bstr dQ is d mod (q - 1) [RFC8230] 3 qInv -8 bstr qInv is the CRT coefficient q^(-1) mod p [RFC8230] 3 other -9 array other prime infos, an array [RFC8230] 3 r_i -10 bstr a prime factor r_i of n, where i >= 3 [RFC8230] 3 d_i -11 bstr d_i = d mod (r_i - 1) [RFC8230] 3 t_i -12 bstr the CRT coefficient t_i = (r_1 * r_2 * ... * r_(i-1))^(-1) mod r_i [RFC8230] 5 pub -1 bstr Public key for HSS/LMS hash-based digital signature [RFC8778] COSE Key Types Registration Procedure(s) Expert Review Expert(s) Jim Schaad, Göran Selander, Derek Atkins, Sean Turner Reference [RFC8152] Available Formats [IMG] CSV Name Value Description Reference Reserved 0 This value is reserved [RFC8152] OKP 1 Octet Key Pair [RFC8152] EC2 2 Elliptic Curve Keys w/ x- and y-coordinate pair [RFC8152] RSA 3 RSA Key [RFC8230] Symmetric 4 Symmetric Keys [RFC8152] HSS-LMS 5 Public key for HSS/LMS hash-based digital signature [RFC8778] COSE Elliptic Curves Expert(s) Jim Schaad, Göran Selander, Derek Atkins, Sean Turner Reference [RFC8152] Available Formats [IMG] CSV Range Registration Procedures Integer values -65536 to -257 Specification Required Integer values -256 to 255 Standards Action With Expert Review Integer values 256 to 65535 Specification Required Integer values greater than 65535 Expert Review Name Value Key Type Description Reference Recommended Reserved for Private Use Integer values less than [RFC8152] No -65536 Unassigned -65536 to -1 Reserved 0 [RFC8152] No P-256 1 EC2 NIST P-256 also known as [RFC8152] Yes secp256r1 P-384 2 EC2 NIST P-384 also known as [RFC8152] Yes secp384r1 P-521 3 EC2 NIST P-521 also known as [RFC8152] Yes secp521r1 X25519 4 OKP X25519 for use w/ ECDH only [RFC8152] Yes X448 5 OKP X448 for use w/ ECDH only [RFC8152] Yes Ed25519 6 OKP Ed25519 for use w/ EdDSA only [RFC8152] Yes Ed448 7 OKP Ed448 for use w/ EdDSA only [RFC8152] Yes secp256k1 8 EC2 SECG secp256k1 curve [RFC-ietf-cose-webauthn-algorithms-08] No