CBOR Object Signing and Encryption (COSE)
- Created
- 2017-01-11
- Last Updated
- 2025-05-16
- Available Formats
-
XML
HTML
Plain text
Registries Included Below
- COSE Header Parameters
- COSE Header Algorithm Parameters
- COSE Algorithms
- COSE Key Common Parameters
- COSE Key Type Parameters
- COSE Key Types
- COSE Elliptic Curves
COSE Header Parameters
- Expert(s)
-
Francesca Palombini, Carsten Bormann
- Reference
- [RFC9052]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| Integers less than -65536 | Private Use |
| Integer values in the range -1 to -65536 | delegated to the COSE Header Algorithm Parameters registry |
| Integer values between 1 and 255 | Standards Action With Expert Review |
| Integer values from 256 to 65535 | Specification Required |
| Integer values greater than 65535 | Expert Review |
| Strings of length 1 | Standards Action With Expert Review |
| Strings of length 2 | Specification Required |
| Strings of length greater than 2 | Expert Review |
| Name | Label | Value Type | Value Registry | Description | Reference |
|---|---|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9052] | |||
| delegated to the COSE Header Algorithm Parameters registry | -65536 to -1 | ||||
| Reserved | 0 | [RFC9052] | |||
| alg | 1 | int / tstr | COSE Algorithms registry | Cryptographic algorithm to use | [RFC9052] |
| crit | 2 | [+ label] | COSE Header Parameters registry | Critical headers to be understood | [RFC9052] |
| content type | 3 | tstr / uint | [COAP Content-Formats] or [Media Types] registry | Content type of the payload | [RFC9052] |
| kid | 4 | bstr | Key identifier | [RFC9052] | |
| IV | 5 | bstr | Full Initialization Vector | [RFC9052] | |
| Partial IV | 6 | bstr | Partial Initialization Vector | [RFC9052] | |
| counter signature | 7 | COSE_Signature / [+ COSE_Signature ] | CBOR-encoded signature structure (Deprecated by [RFC9338]) | [RFC8152] | |
| Unassigned | 8 | ||||
| CounterSignature0 | 9 | bstr | Counter signature with implied signer and headers (Deprecated by [RFC9338]) | [RFC8152] | |
| kid context | 10 | bstr | Identifies the context for the key identifier | [RFC8613, Section 5.1] | |
| Countersignature version 2 | 11 | COSE_Countersignature / [+ COSE_Countersignature] | V2 countersignature attribute | [RFC9338] | |
| Countersignature0 version 2 | 12 | COSE_Countersignature0 | V2 Abbreviated Countersignature | [RFC9338] | |
| kcwt | 13 | COSE_Messages | A CBOR Web Token (CWT) containing a COSE_Key in a 'cnf' claim and possibly other claims. CWT is defined in [RFC8392]. COSE_Messages is defined in [RFC9052]. | [RFC9528] | |
| kccs | 14 | map | A CWT Claims Set (CCS) containing a COSE_Key in a 'cnf' claim and possibly other claims. CCS is defined in [RFC8392]. | [RFC9528] | |
| CWT Claims | 15 | map | map keys in [CWT Claims] | Location for CWT Claims in COSE Header Parameters. | [RFC9597, Section 2] |
| typ (type) | 16 | uint / tstr | [COAP Content-Formats] or [Media Types] registry | Content type of the complete COSE object | [RFC9596, Section 2] |
| Unassigned | 17-21 | ||||
| c5t | 22 | COSE_CertHash | Hash of a C509Certificate (TEMPORARY - registered 2024-03-11, extension registered 2025-02-28, expires 2025-03-11) | [draft-ietf-cose-cbor-encoded-cert-12] | |
| c5u | 23 | uri | URI pointing to a COSE_C509 containing an ordered chain of certificates (TEMPORARY - registered 2024-03-11, extension registered 2025-02-28, expires 2025-03-11) | [draft-ietf-cose-cbor-encoded-cert-12] | |
| c5b | 24 | COSE_C509 | An unordered bag of C509 certificates (TEMPORARY - registered 2024-03-11, extension registered 2025-02-28, expires 2025-03-11) | [draft-ietf-cose-cbor-encoded-cert-12] | |
| c5c | 25 | COSE_C509 | An ordered chain of C509 certificates (TEMPORARY - registered 2024-03-11, extension registered 2025-02-28, expires 2025-03-11) | [draft-ietf-cose-cbor-encoded-cert-12] | |
| Unassigned | 26-31 | ||||
| x5bag | 32 | COSE_X509 | An unordered bag of X.509 certificates | [RFC9360] | |
| x5chain | 33 | COSE_X509 | An ordered chain of X.509 certificates | [RFC9360] | |
| x5t | 34 | COSE_CertHash | Hash of an X.509 certificate | [RFC9360] | |
| x5u | 35 | uri | URI pointing to an X.509 certificate | [RFC9360] | |
| Unassigned | 36-255 | ||||
| CUPHNonce | 256 | bstr | Challenge Nonce | [FIDO Device Onboard Specification] | |
| CUPHOwnerPubKey | 257 | array | Public Key | [FIDO Device Onboard Specification] | |
| payload-hash-alg | 258 | int | [COSE Algorithms] registry | The hash algorithm used to produce the payload of a COSE_Sign1 (TEMPORARY - registered 2025-03-05, expires 2026-03-05) | [draft-ietf-cose-hash-envelope-03, Section 3] |
| preimage content type | 259 | uint / tstr | [CoAP Content-Formats] registry | The content-format number or content-type (media-type name) of data that has been hashed to produce the payload of the COSE_Sign1 (TEMPORARY - registered 2025-03-05, expires 2026-03-05) | [draft-ietf-cose-hash-envelope-03, Section 3] |
| payload-location | 260 | tstr | The string or URI hint for the location of the data hashed to produce the payload of a COSE_Sign1 (TEMPORARY - registered 2025-03-05, expires 2026-03-05) | [draft-ietf-cose-hash-envelope-03, Section 3] | |
| Unassigned | 261-393 | ||||
| receipts | 394 | array | Priority ordered sequence of CBOR encoded Receipts (TEMPORARY - registered 2025-05-16, expires 2026-05-16) | [draft-ietf-cose-merkle-tree-proofs-14, Section 2] | |
| vds | 395 | int | COSE Verifiable Data Structure (to be created for draft-ietf-cose-merkle-tree-proofs upon approval for publication as an RFC) | Algorithm identifier for verifiable data structures, used to produce verifiable data structure proofs (TEMPORARY - registered 2025-05-16, expires 2026-05-16) | [draft-ietf-cose-merkle-tree-proofs-14, Section 2] |
| vdp | 396 | map | map key in COSE Verifiable Data Structure Proofs (to be created for draft-ietf-cose-merkle-tree-proofs upon approval for publication as an RFC) | Location for verifiable data structure proofs in COSE Header Parameters (TEMPORARY - registered 2025-05-16, expires 2026-05-16) | [draft-ietf-cose-merkle-tree-proofs-14, Section 2] |
COSE Header Algorithm Parameters
- Registration Procedure(s)
-
Expert Review
- Expert(s)
-
Göran Selander, Derek Atkins, Sean Turner
- Reference
- [RFC9053]
- Available Formats
-
CSV
| Name | Algorithm | Label | Type | Description | Reference |
|---|---|---|---|---|---|
| Unassigned | -65536 to -30 | ||||
| x5chain-sender | ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | -29 | COSE_X509 | static key X.509 certificate chain | [RFC9360] |
| x5u-sender | ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | -28 | uri | URI for the sender's X.509 certificate | [RFC9360] |
| x5t-sender | ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | -27 | COSE_CertHash | Thumbprint for the sender's X.509 certificate | [RFC9360] |
| PartyV other | direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | -26 | bstr | Party V other provided information | [RFC9053] |
| PartyV nonce | direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | -25 | bstr / int | Party V provided nonce | [RFC9053] |
| PartyV identity | direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | -24 | bstr | Party V identity information | [RFC9053] |
| PartyU other | direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | -23 | bstr | Party U other provided information | [RFC9053] |
| PartyU nonce | direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | -22 | bstr / int | Party U provided nonce | [RFC9053] |
| PartyU identity | direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | -21 | bstr | Party U identity information | [RFC9053] |
| salt | direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | -20 | bstr | Random salt | [RFC9053] |
| Unassigned | -19 to -4 | ||||
| static key id | ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | -3 | bstr | Static public key identifier for the sender | [RFC9053] |
| static key | ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | -2 | COSE_Key | Static public key for the sender | [RFC9053] |
| ephemeral key | ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW | -1 | COSE_Key | Ephemeral public key for the sender | [RFC9053] |
COSE Algorithms
- Expert(s)
-
Göran Selander, Derek Atkins, Sean Turner
- Reference
- [RFC9053][RFC9054][RFC-ietf-jose-fully-specified-algorithms-13, Section 4.3.1]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| Integers less than -65536 | Private Use |
| Integer values from -65536 to -257 | Specification Required |
| Integer values between -256 and 255 | Standards Action With Expert Review |
| Integer values from 256 to 65535 | Specification Required |
| Integer values greater than 65535 | Expert Review |
| Strings of length 1 | Standards Action With Expert Review |
| Strings of length 2 | Specification Required |
| Strings of length greater than 2 | Expert Review |
| Name | Value | Description | Capabilities | Change Controller | Reference | Recommended |
|---|---|---|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9053] | No | |||
| Unassigned | -65536 | |||||
| RS1 | -65535 | RSASSA-PKCS1-v1_5 using SHA-1 | [kty] | IESG | [RFC8812][RFC9053] | Deprecated |
| A128CTR | -65534 | AES-CTR w/ 128-bit key | [kty] | IETF | [RFC9459] | Deprecated |
| A192CTR | -65533 | AES-CTR w/ 192-bit key | [kty] | IETF | [RFC9459] | Deprecated |
| A256CTR | -65532 | AES-CTR w/ 256-bit key | [kty] | IETF | [RFC9459] | Deprecated |
| A128CBC | -65531 | AES-CBC w/ 128-bit key | [kty] | IETF | [RFC9459] | Deprecated |
| A192CBC | -65530 | AES-CBC w/ 192-bit key | [kty] | IETF | [RFC9459] | Deprecated |
| A256CBC | -65529 | AES-CBC w/ 256-bit key | [kty] | IETF | [RFC9459] | Deprecated |
| Unassigned | -65528 to -269 | |||||
| ESB512 | -268 | ECDSA using BrainpoolP512r1 curve and SHA-512 | [kty] | IETF | [RFC-ietf-jose-fully-specified-algorithms-13] | No |
| ESB384 | -267 | ECDSA using BrainpoolP384r1 curve and SHA-384 | [kty] | IETF | [RFC-ietf-jose-fully-specified-algorithms-13] | No |
| ESB320 | -266 | ECDSA using BrainpoolP320r1 curve and SHA-384 | [kty] | IETF | [RFC-ietf-jose-fully-specified-algorithms-13] | No |
| ESB256 | -265 | ECDSA using BrainpoolP256r1 curve and SHA-256 | [kty] | IETF | [RFC-ietf-jose-fully-specified-algorithms-13] | No |
| KT256 | -264 | KT256 XOF | [kty] | IETF | [RFC-irtf-cfrg-kangarootwelve-17] | No |
| KT128 | -263 | KT128 XOF | [kty] | IETF | [RFC-irtf-cfrg-kangarootwelve-17] | No |
| TurboSHAKE256 | -262 | TurboSHAKE256 XOF | [kty] | IETF | [RFC-irtf-cfrg-kangarootwelve-17] | No |
| TurboSHAKE128 | -261 | TurboSHAKE128 XOF | [kty] | IETF | [RFC-irtf-cfrg-kangarootwelve-17] | No |
| WalnutDSA | -260 | WalnutDSA signature | [kty] | [RFC9021][RFC9053] | No | |
| RS512 | -259 | RSASSA-PKCS1-v1_5 using SHA-512 | [kty] | IESG | [RFC8812][RFC9053] | No |
| RS384 | -258 | RSASSA-PKCS1-v1_5 using SHA-384 | [kty] | IESG | [RFC8812][RFC9053] | No |
| RS256 | -257 | RSASSA-PKCS1-v1_5 using SHA-256 | [kty] | IESG | [RFC8812][RFC9053] | No |
| Unassigned | -256 to -54 | |||||
| Ed448 | -53 | EdDSA using Ed448 curve | [kty] | IETF | [RFC-ietf-jose-fully-specified-algorithms-13] | Yes |
| ESP512 | -52 | ECDSA using P-521 curve and SHA-512 | [kty] | IETF | [RFC-ietf-jose-fully-specified-algorithms-13] | Yes |
| ESP384 | -51 | ECDSA using P-384 curve and SHA-384 | [kty] | IETF | [RFC-ietf-jose-fully-specified-algorithms-13] | Yes |
| ML-DSA-87 | -50 | CBOR Object Signing Algorithm for ML-DSA-87 (TEMPORARY - registered 2025-04-24, expires 2026-04-24) | [kty] | [draft-ietf-cose-dilithium-06] | Yes | |
| ML-DSA-65 | -49 | CBOR Object Signing Algorithm for ML-DSA-65 (TEMPORARY - registered 2025-04-24, expires 2026-04-24) | [kty] | [draft-ietf-cose-dilithium-06] | Yes | |
| ML-DSA-44 | -48 | CBOR Object Signing Algorithm for ML-DSA-44 (TEMPORARY - registered 2025-04-24, expires 2026-04-24) | [kty] | [draft-ietf-cose-dilithium-06] | Yes | |
| ES256K | -47 | ECDSA using secp256k1 curve and SHA-256 | [kty] | IESG | [RFC8812][RFC9053] | No |
| HSS-LMS | -46 | HSS/LMS hash-based digital signature | [kty] | [RFC8778][RFC9053] | Yes | |
| SHAKE256 | -45 | SHAKE-256 512-bit Hash Value | [kty] | [RFC9054][RFC9053] | Yes | |
| SHA-512 | -44 | SHA-2 512-bit Hash | [kty] | [RFC9054][RFC9053] | Yes | |
| SHA-384 | -43 | SHA-2 384-bit Hash | [kty] | [RFC9054][RFC9053] | Yes | |
| RSAES-OAEP w/ SHA-512 | -42 | RSAES-OAEP w/ SHA-512 | [kty] | [RFC8230][RFC9053] | Yes | |
| RSAES-OAEP w/ SHA-256 | -41 | RSAES-OAEP w/ SHA-256 | [kty] | [RFC8230][RFC9053] | Yes | |
| RSAES-OAEP w/ RFC 8017 default parameters | -40 | RSAES-OAEP w/ SHA-1 | [kty] | [RFC8230][RFC9053] | Yes | |
| PS512 | -39 | RSASSA-PSS w/ SHA-512 | [kty] | [RFC8230][RFC9053] | Yes | |
| PS384 | -38 | RSASSA-PSS w/ SHA-384 | [kty] | [RFC8230][RFC9053] | Yes | |
| PS256 | -37 | RSASSA-PSS w/ SHA-256 | [kty] | [RFC8230][RFC9053] | Yes | |
| ES512 | -36 | ECDSA w/ SHA-512 | [kty] | [RFC9053][RFC-ietf-jose-fully-specified-algorithms-13] | Deprecated | |
| ES384 | -35 | ECDSA w/ SHA-384 | [kty] | IETF | [RFC9053][RFC-ietf-jose-fully-specified-algorithms-13] | Deprecated |
| ECDH-SS + A256KW | -34 | ECDH SS w/ Concat KDF and AES Key Wrap w/ 256-bit key | [kty] | [RFC9053] | Yes | |
| ECDH-SS + A192KW | -33 | ECDH SS w/ Concat KDF and AES Key Wrap w/ 192-bit key | [kty] | [RFC9053] | Yes | |
| ECDH-SS + A128KW | -32 | ECDH SS w/ Concat KDF and AES Key Wrap w/ 128-bit key | [kty] | [RFC9053] | Yes | |
| ECDH-ES + A256KW | -31 | ECDH ES w/ Concat KDF and AES Key Wrap w/ 256-bit key | [kty] | [RFC9053] | Yes | |
| ECDH-ES + A192KW | -30 | ECDH ES w/ Concat KDF and AES Key Wrap w/ 192-bit key | [kty] | [RFC9053] | Yes | |
| ECDH-ES + A128KW | -29 | ECDH ES w/ Concat KDF and AES Key Wrap w/ 128-bit key | [kty] | [RFC9053] | Yes | |
| ECDH-SS + HKDF-512 | -28 | ECDH SS w/ HKDF - generate key directly | [kty] | [RFC9053] | Yes | |
| ECDH-SS + HKDF-256 | -27 | ECDH SS w/ HKDF - generate key directly | [kty] | [RFC9053] | Yes | |
| ECDH-ES + HKDF-512 | -26 | ECDH ES w/ HKDF - generate key directly | [kty] | [RFC9053] | Yes | |
| ECDH-ES + HKDF-256 | -25 | ECDH ES w/ HKDF - generate key directly | [kty] | [RFC9053] | Yes | |
| Unassigned | -24 to -20 | |||||
| Ed25519 | -19 | EdDSA using Ed25519 curve | [kty] | IETF | [RFC-ietf-jose-fully-specified-algorithms-13] | Yes |
| SHAKE128 | -18 | SHAKE-128 256-bit Hash Value | [kty] | [RFC9054][RFC9053] | Yes | |
| SHA-512/256 | -17 | SHA-2 512-bit Hash truncated to 256-bits | [kty] | [RFC9054][RFC9053] | Yes | |
| SHA-256 | -16 | SHA-2 256-bit Hash | [kty] | [RFC9054][RFC9053] | Yes | |
| SHA-256/64 | -15 | SHA-2 256-bit Hash truncated to 64-bits | [kty] | [RFC9054][RFC9053] | Filter Only | |
| SHA-1 | -14 | SHA-1 Hash | [kty] | [RFC9054][RFC9053] | Filter Only | |
| direct+HKDF-AES-256 | -13 | Shared secret w/ AES-MAC 256-bit key | [kty] | [RFC9053] | Yes | |
| direct+HKDF-AES-128 | -12 | Shared secret w/ AES-MAC 128-bit key | [kty] | [RFC9053] | Yes | |
| direct+HKDF-SHA-512 | -11 | Shared secret w/ HKDF and SHA-512 | [kty] | [RFC9053] | Yes | |
| direct+HKDF-SHA-256 | -10 | Shared secret w/ HKDF and SHA-256 | [kty] | [RFC9053] | Yes | |
| ESP256 | -9 | ECDSA using P-256 curve and SHA-256 | [kty] | IETF | [RFC-ietf-jose-fully-specified-algorithms-13] | Yes |
| EdDSA | -8 | EdDSA | [kty] | IETF | [RFC9053][RFC-ietf-jose-fully-specified-algorithms-13] | Deprecated |
| ES256 | -7 | ECDSA w/ SHA-256 | [kty] | IETF | [RFC9053][RFC-ietf-jose-fully-specified-algorithms-13] | Deprecated |
| direct | -6 | Direct use of CEK | [kty] | [RFC9053] | Yes | |
| A256KW | -5 | AES Key Wrap w/ 256-bit key | [kty] | [RFC9053] | Yes | |
| A192KW | -4 | AES Key Wrap w/ 192-bit key | [kty] | [RFC9053] | Yes | |
| A128KW | -3 | AES Key Wrap w/ 128-bit key | [kty] | [RFC9053] | Yes | |
| Unassigned | -2 to -1 | |||||
| Reserved | 0 | [RFC9053] | No | |||
| A128GCM | 1 | AES-GCM mode w/ 128-bit key, 128-bit tag | [kty] | [RFC9053] | Yes | |
| A192GCM | 2 | AES-GCM mode w/ 192-bit key, 128-bit tag | [kty] | [RFC9053] | Yes | |
| A256GCM | 3 | AES-GCM mode w/ 256-bit key, 128-bit tag | [kty] | [RFC9053] | Yes | |
| HMAC 256/64 | 4 | HMAC w/ SHA-256 truncated to 64 bits | [kty] | [RFC9053] | Yes | |
| HMAC 256/256 | 5 | HMAC w/ SHA-256 | [kty] | [RFC9053] | Yes | |
| HMAC 384/384 | 6 | HMAC w/ SHA-384 | [kty] | [RFC9053] | Yes | |
| HMAC 512/512 | 7 | HMAC w/ SHA-512 | [kty] | [RFC9053] | Yes | |
| Unassigned | 8-9 | |||||
| AES-CCM-16-64-128 | 10 | AES-CCM mode 128-bit key, 64-bit tag, 13-byte nonce | [kty] | [RFC9053] | Yes | |
| AES-CCM-16-64-256 | 11 | AES-CCM mode 256-bit key, 64-bit tag, 13-byte nonce | [kty] | [RFC9053] | Yes | |
| AES-CCM-64-64-128 | 12 | AES-CCM mode 128-bit key, 64-bit tag, 7-byte nonce | [kty] | [RFC9053] | Yes | |
| AES-CCM-64-64-256 | 13 | AES-CCM mode 256-bit key, 64-bit tag, 7-byte nonce | [kty] | [RFC9053] | Yes | |
| AES-MAC 128/64 | 14 | AES-MAC 128-bit key, 64-bit tag | [kty] | [RFC9053] | Yes | |
| AES-MAC 256/64 | 15 | AES-MAC 256-bit key, 64-bit tag | [kty] | [RFC9053] | Yes | |
| Unassigned | 16-23 | |||||
| ChaCha20/Poly1305 | 24 | ChaCha20/Poly1305 w/ 256-bit key, 128-bit tag | [kty] | [RFC9053] | Yes | |
| AES-MAC 128/128 | 25 | AES-MAC 128-bit key, 128-bit tag | [kty] | [RFC9053] | Yes | |
| AES-MAC 256/128 | 26 | AES-MAC 256-bit key, 128-bit tag | [kty] | [RFC9053] | Yes | |
| Unassigned | 27-29 | |||||
| AES-CCM-16-128-128 | 30 | AES-CCM mode 128-bit key, 128-bit tag, 13-byte nonce | [kty] | [RFC9053] | Yes | |
| AES-CCM-16-128-256 | 31 | AES-CCM mode 256-bit key, 128-bit tag, 13-byte nonce | [kty] | [RFC9053] | Yes | |
| AES-CCM-64-128-128 | 32 | AES-CCM mode 128-bit key, 128-bit tag, 7-byte nonce | [kty] | [RFC9053] | Yes | |
| AES-CCM-64-128-256 | 33 | AES-CCM mode 256-bit key, 128-bit tag, 7-byte nonce | [kty] | [RFC9053] | Yes | |
| IV-GENERATION | 34 | For doing IV generation for symmetric algorithms. | [RFC9053] | No |
COSE Key Common Parameters
- Expert(s)
-
Francesca Palombini, Carsten Bormann
- Reference
- [RFC9052]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| Integers less than -65536 | Private Use |
| Integer values in the range -65536 to -1 | used for key parameters specific to a single algorithm delegated to the COSE Key Type Parameters registry |
| Integer values between 0 and 255 | Standards Action With Expert Review |
| Integer values from 256 to 65535 | Specification Required |
| Integer values greater than 65535 | Expert Review |
| Strings of length 1 | Standards Action With Expert Review |
| Strings of length 2 | Specification Required |
| Strings of length greater than 2 | Expert Review |
| Name | Label | CBOR Type | Value Registry | Description | Reference |
|---|---|---|---|---|---|
| Reserved for Private Use | less than -65536 | [RFC9052] | |||
| used for key parameters specific to a single algorithm delegated to the COSE Key Type Parameters registry | -65536 to -1 | [RFC9052] | |||
| Reserved | 0 | [RFC9052] | |||
| kty | 1 | tstr / int | COSE Key Types | Identification of the key type | [RFC9052] |
| kid | 2 | bstr | Key identification value - match to kid in message | [RFC9052] | |
| alg | 3 | tstr / int | COSE Algorithms | Key usage restriction to this algorithm | [RFC9052] |
| key_ops | 4 | [+ (tstr/int)] | Restrict set of permissible operations | [RFC9052] | |
| Base IV | 5 | bstr | Base IV to be XORed with Partial IVs | [RFC9052] |
COSE Key Type Parameters
- Registration Procedure(s)
-
Expert Review
- Expert(s)
-
Göran Selander, Derek Atkins, Sean Turner
- Reference
- [RFC9053]
- Available Formats
-
CSV
| Key Type | Name | Label | CBOR Type | Description | Reference |
|---|---|---|---|---|---|
| 1 | crv | -1 | int / tstr | EC identifier -- Taken from the "COSE Elliptic Curves" registry | [RFC9053] |
| 1 | x | -2 | bstr | Public Key | [RFC9053] |
| 1 | d | -4 | bstr | Private key | [RFC9053] |
| 2 | crv | -1 | int / tstr | EC identifier -- Taken from the "COSE Elliptic Curves" registry | [RFC9053] |
| 2 | x | -2 | bstr | x-coordinate | [RFC9053] |
| 2 | y | -3 | bstr / bool | y-coordinate | [RFC9053] |
| 2 | d | -4 | bstr | Private key | [RFC9053] |
| 3 | n | -1 | bstr | the RSA modulus n | [RFC8230] |
| 3 | e | -2 | bstr | the RSA public exponent e | [RFC8230] |
| 3 | d | -3 | bstr | the RSA private exponent d | [RFC8230] |
| 3 | p | -4 | bstr | the prime factor p of n | [RFC8230] |
| 3 | q | -5 | bstr | the prime factor q of n | [RFC8230] |
| 3 | dP | -6 | bstr | dP is d mod (p - 1) | [RFC8230] |
| 3 | dQ | -7 | bstr | dQ is d mod (q - 1) | [RFC8230] |
| 3 | qInv | -8 | bstr | qInv is the CRT coefficient q^(-1) mod p | [RFC8230] |
| 3 | other | -9 | array | other prime infos, an array | [RFC8230] |
| 3 | r_i | -10 | bstr | a prime factor r_i of n, where i >= 3 | [RFC8230] |
| 3 | d_i | -11 | bstr | d_i = d mod (r_i - 1) | [RFC8230] |
| 3 | t_i | -12 | bstr | the CRT coefficient t_i = (r_1 * r_2 * ... * r_(i-1))^(-1) mod r_i | [RFC8230] |
| 4 | k | -1 | bstr | Key Value | [RFC9053] |
| 5 | pub | -1 | bstr | Public key for HSS/LMS hash-based digital signature | [RFC8778] |
| 6 | N | -1 | uint | Group and Matrix (NxN) size | [RFC9021] |
| 6 | q | -2 | uint | Finite field F_q | [RFC9021] |
| 6 | t-values | -3 | array (of uint) | List of T-values, entries in F_q | [RFC9021] |
| 6 | matrix 1 | -4 | array (of array of uint) | NxN Matrix of entries in F_q in column-major form | [RFC9021] |
| 6 | permutation 1 | -5 | array (of uint) | Permutation associated with matrix 1 | [RFC9021] |
| 6 | matrix 2 | -6 | array (of array of uint) | NxN Matrix of entries in F_q in column-major form | [RFC9021] |
| 7 | pub | -1 | bstr | Public key | [draft-ietf-cose-dilithium-06] |
COSE Key Types
- Registration Procedure(s)
-
Expert Review
- Expert(s)
-
Göran Selander, Derek Atkins, Sean Turner
- Reference
- [RFC9053]
- Available Formats
-
CSV
| Name | Value | Description | Capabilities | Reference |
|---|---|---|---|---|
| Reserved | 0 | This value is reserved | [RFC9053] | |
| OKP | 1 | Octet Key Pair | [kty(1), crv] | [RFC9053] |
| EC2 | 2 | Elliptic Curve Keys w/ x- and y-coordinate pair | [kty(2), crv] | [RFC9053] |
| RSA | 3 | RSA Key | [kty(3)] | [RFC8230][RFC9053] |
| Symmetric | 4 | Symmetric Keys | [kty(4)] | [RFC9053] |
| HSS-LMS | 5 | Public key for HSS/LMS hash-based digital signature | [kty(5), hash algorithm] | [RFC8778][RFC9053] |
| WalnutDSA | 6 | WalnutDSA public key | [kty(6)] | [RFC9021][RFC9053] |
| AKP | 7 | COSE Key Type for Algorithm Key Pairs | [kty(7)] | [draft-ietf-cose-dilithium-06] |
COSE Elliptic Curves
- Expert(s)
-
Göran Selander, Derek Atkins, Sean Turner
- Reference
- [RFC9053]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| Integers less than -65536 | Private Use |
| Integer values -65536 to -257 | Specification Required |
| Integer values -256 to 255 | Standards Action With Expert Review |
| Integer values 256 to 65535 | Specification Required |
| Integer values greater than 65535 | Expert Review |
| Name | Value | Key Type | Description | Change Controller | Reference | Recommended |
|---|---|---|---|---|---|---|
| Reserved for Private Use | Integer values less than -65536 | [RFC9053] | No | |||
| Unassigned | -65536 to -1 | |||||
| Reserved | 0 | [RFC9053] | No | |||
| P-256 | 1 | EC2 | NIST P-256 also known as secp256r1 | [RFC9053] | Yes | |
| P-384 | 2 | EC2 | NIST P-384 also known as secp384r1 | [RFC9053] | Yes | |
| P-521 | 3 | EC2 | NIST P-521 also known as secp521r1 | [RFC9053] | Yes | |
| X25519 | 4 | OKP | X25519 for use w/ ECDH only | [RFC9053] | Yes | |
| X448 | 5 | OKP | X448 for use w/ ECDH only | [RFC9053] | Yes | |
| Ed25519 | 6 | OKP | Ed25519 for use w/ EdDSA only | [RFC9053] | Yes | |
| Ed448 | 7 | OKP | Ed448 for use w/ EdDSA only | [RFC9053] | Yes | |
| secp256k1 | 8 | EC2 | SECG secp256k1 curve | IESG | [RFC8812] | No |
| Unassigned | 9-255 | |||||
| brainpoolP256r1 | 256 | EC2 | BrainpoolP256r1 | [ISO/IEC JTC 1/SC 17/WG 10] | [ISO/IEC 18013-5:2021, 9.1.5.2] | No |
| brainpoolP320r1 | 257 | EC2 | BrainpoolP320r1 | [ISO/IEC JTC 1/SC 17/WG 10] | [ISO/IEC 18013-5:2021, 9.1.5.2] | No |
| brainpoolP384r1 | 258 | EC2 | BrainpoolP384r1 | [ISO/IEC JTC 1/SC 17/WG 10] | [ISO/IEC 18013-5:2021, 9.1.5.2] | No |
| brainpoolP512r1 | 259 | EC2 | BrainpoolP512r1 | [ISO/IEC JTC 1/SC 17/WG 10] | [ISO/IEC 18013-5:2021, 9.1.5.2] | No |