Internet Assigned Numbers Authority

CBOR Object Signing and Encryption (COSE)

Created
2017-01-11
Last Updated
2025-06-16
Available Formats

XML
HTML
Plain text

Registries Included Below

COSE Header Parameters

Expert(s)
Francesca Palombini, Carsten Bormann
Reference
[RFC9052]
Available Formats

CSV
Range Registration Procedures
Integers less than -65536 Private Use
Integer values in the range -1 to -65536 delegated to the COSE Header Algorithm Parameters registry
Integer values between 1 and 255 Standards Action With Expert Review
Integer values from 256 to 65535 Specification Required
Integer values greater than 65535 Expert Review
Strings of length 1 Standards Action With Expert Review
Strings of length 2 Specification Required
Strings of length greater than 2 Expert Review
Name Label Value Type Value Registry Description Reference
Reserved for Private Use less than -65536 [RFC9052]
delegated to the COSE Header Algorithm Parameters registry -65536 to -1
Reserved 0 [RFC9052]
alg 1 int / tstr COSE Algorithms registry Cryptographic algorithm to use [RFC9052]
crit 2 [+ label] COSE Header Parameters registry Critical headers to be understood [RFC9052]
content type 3 tstr / uint [COAP Content-Formats] or [Media Types] registry Content type of the payload [RFC9052]
kid 4 bstr Key identifier [RFC9052]
IV 5 bstr Full Initialization Vector [RFC9052]
Partial IV 6 bstr Partial Initialization Vector [RFC9052]
counter signature 7 COSE_Signature / [+ COSE_Signature ] CBOR-encoded signature structure (Deprecated by [RFC9338]) [RFC8152]
Unassigned 8
CounterSignature0 9 bstr Counter signature with implied signer and headers (Deprecated by [RFC9338]) [RFC8152]
kid context 10 bstr Identifies the context for the key identifier [RFC8613, Section 5.1]
Countersignature version 2 11 COSE_Countersignature / [+ COSE_Countersignature] V2 countersignature attribute [RFC9338]
Countersignature0 version 2 12 COSE_Countersignature0 V2 Abbreviated Countersignature [RFC9338]
kcwt 13 COSE_Messages A CBOR Web Token (CWT) containing a COSE_Key in a 'cnf' claim and possibly other claims. CWT is defined in [RFC8392]. COSE_Messages is defined in [RFC9052]. [RFC9528]
kccs 14 map A CWT Claims Set (CCS) containing a COSE_Key in a 'cnf' claim and possibly other claims. CCS is defined in [RFC8392]. [RFC9528]
CWT Claims 15 map map keys in [CWT Claims] Location for CWT Claims in COSE Header Parameters. [RFC9597, Section 2]
typ (type) 16 uint / tstr [COAP Content-Formats] or [Media Types] registry Content type of the complete COSE object [RFC9596, Section 2]
Unassigned 17-21
c5t 22 COSE_CertHash Hash of a C509Certificate (TEMPORARY - registered 2024-03-11, extension registered 2025-02-28, expires 2025-03-11) [draft-ietf-cose-cbor-encoded-cert-12]
c5u 23 uri URI pointing to a COSE_C509 containing an ordered chain of certificates (TEMPORARY - registered 2024-03-11, extension registered 2025-02-28, expires 2025-03-11) [draft-ietf-cose-cbor-encoded-cert-12]
c5b 24 COSE_C509 An unordered bag of C509 certificates (TEMPORARY - registered 2024-03-11, extension registered 2025-02-28, expires 2025-03-11) [draft-ietf-cose-cbor-encoded-cert-12]
c5c 25 COSE_C509 An ordered chain of C509 certificates (TEMPORARY - registered 2024-03-11, extension registered 2025-02-28, expires 2025-03-11) [draft-ietf-cose-cbor-encoded-cert-12]
Unassigned 26-31
x5bag 32 COSE_X509 An unordered bag of X.509 certificates [RFC9360]
x5chain 33 COSE_X509 An ordered chain of X.509 certificates [RFC9360]
x5t 34 COSE_CertHash Hash of an X.509 certificate [RFC9360]
x5u 35 uri URI pointing to an X.509 certificate [RFC9360]
Unassigned 36-255
CUPHNonce 256 bstr Challenge Nonce [FIDO Device Onboard Specification]
CUPHOwnerPubKey 257 array Public Key [FIDO Device Onboard Specification]
payload-hash-alg 258 int [COSE Algorithms] registry The hash algorithm used to produce the payload of a COSE_Sign1 (TEMPORARY - registered 2025-03-05, expires 2026-03-05) [draft-ietf-cose-hash-envelope-03, Section 3]
preimage content type 259 uint / tstr [CoAP Content-Formats] registry The content-format number or content-type (media-type name) of data that has been hashed to produce the payload of the COSE_Sign1 (TEMPORARY - registered 2025-03-05, expires 2026-03-05) [draft-ietf-cose-hash-envelope-03, Section 3]
payload-location 260 tstr The string or URI hint for the location of the data hashed to produce the payload of a COSE_Sign1 (TEMPORARY - registered 2025-03-05, expires 2026-03-05) [draft-ietf-cose-hash-envelope-03, Section 3]
x5ts 261 array of COSE_CertHash CBOR array of instances of COSE_CertHash [Clause 5.2.2 of ETSI TS 119152-1 V0.0.9]
srCms 262 array of SrCm set of commitments and optional commitments qualifiers [Clause 5.2.3 of ETSI TS 119152-1 V0.0.9]
sigPl 263 map CBOR map for indicating the location where the signature was generated. It may contain an indication of the country, the locality, the region, a box number in a post office, the postal code, and the street address [Clause 5.2.4 of ETSI TS 119152-1 V0.0.9]
srAts 264 map CBOR map that may contain: an array of attributes that the signer claims to be in possession of, an array of attribute certificates (X.509 attribute certificates or other) issued to the signer, an array of signed assertions issued by a third party to the signer, or any combination of the three aforementioned CBOR arrays [Clause 5.2.5 of ETSI TS 119152-1 V0.0.9]
adoTst 265 map CBOR map that encapsulates one or more electronic time-stamps, generated before the signature production, and whose message imprint computation input is the COSE Payload of the CB-AdES signature [Clause 5.2.6 of ETSI TS 119152-1 V0.0.9]
sigPId 266 map CBOR map that identifies a certain signature policy and may contain the digest of the document defining this signature policy. [Clause 5.2.7 of ETSI TS 119152-1 V0.0.9]
sigD 267 map CBOR map that references data objects that are detached from the CB-AdES signature and that are collectively signed. [Clause 5.2.8 of ETSI TS 119152-1 V0.0.9]
uHeaders 268 [+bstr] CBOR array that contains a number of CBOR elements that are placed within the array in the order they are incorporated into the CB-AdES signature [Clause 5.3.1 of ETSI TS 119152-1 V0.0.9]
Unassigned 269-393
receipts 394 array Priority ordered sequence of CBOR encoded Receipts (TEMPORARY - registered 2025-05-16, expires 2026-05-16) [draft-ietf-cose-merkle-tree-proofs-14, Section 2]
vds 395 int COSE Verifiable Data Structure (to be created for draft-ietf-cose-merkle-tree-proofs upon approval for publication as an RFC) Algorithm identifier for verifiable data structures, used to produce verifiable data structure proofs (TEMPORARY - registered 2025-05-16, expires 2026-05-16) [draft-ietf-cose-merkle-tree-proofs-14, Section 2]
vdp 396 map map key in COSE Verifiable Data Structure Proofs (to be created for draft-ietf-cose-merkle-tree-proofs upon approval for publication as an RFC) Location for verifiable data structure proofs in COSE Header Parameters (TEMPORARY - registered 2025-05-16, expires 2026-05-16) [draft-ietf-cose-merkle-tree-proofs-14, Section 2]

COSE Header Algorithm Parameters

Registration Procedure(s)
Expert Review
Expert(s)
Göran Selander, Derek Atkins, Sean Turner
Reference
[RFC9053]
Available Formats

CSV
Name Algorithm Label Type Description Reference
Unassigned -65536 to -30
x5chain-sender ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW -29 COSE_X509 static key X.509 certificate chain [RFC9360]
x5u-sender ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW -28 uri URI for the sender's X.509 certificate [RFC9360]
x5t-sender ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW -27 COSE_CertHash Thumbprint for the sender's X.509 certificate [RFC9360]
PartyV other direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW -26 bstr Party V other provided information [RFC9053]
PartyV nonce direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW -25 bstr / int Party V provided nonce [RFC9053]
PartyV identity direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW -24 bstr Party V identity information [RFC9053]
PartyU other direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW -23 bstr Party U other provided information [RFC9053]
PartyU nonce direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW -22 bstr / int Party U provided nonce [RFC9053]
PartyU identity direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW -21 bstr Party U identity information [RFC9053]
salt direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW -20 bstr Random salt [RFC9053]
Unassigned -19 to -4
static key id ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW -3 bstr Static public key identifier for the sender [RFC9053]
static key ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW -2 COSE_Key Static public key for the sender [RFC9053]
ephemeral key ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW -1 COSE_Key Ephemeral public key for the sender [RFC9053]

COSE Algorithms

Expert(s)
Göran Selander, Derek Atkins, Sean Turner
Reference
[RFC9053][RFC9054][RFC-ietf-jose-fully-specified-algorithms-13, Section 4.3.1]
Available Formats

CSV
Range Registration Procedures
Integers less than -65536 Private Use
Integer values from -65536 to -257 Specification Required
Integer values between -256 and 255 Standards Action With Expert Review
Integer values from 256 to 65535 Specification Required
Integer values greater than 65535 Expert Review
Strings of length 1 Standards Action With Expert Review
Strings of length 2 Specification Required
Strings of length greater than 2 Expert Review
Name Value Description Capabilities Change Controller Reference Recommended
Reserved for Private Use less than -65536 [RFC9053] No
Unassigned -65536
RS1 -65535 RSASSA-PKCS1-v1_5 using SHA-1 [kty] IESG [RFC8812][RFC9053] Deprecated
A128CTR -65534 AES-CTR w/ 128-bit key [kty] IETF [RFC9459] Deprecated
A192CTR -65533 AES-CTR w/ 192-bit key [kty] IETF [RFC9459] Deprecated
A256CTR -65532 AES-CTR w/ 256-bit key [kty] IETF [RFC9459] Deprecated
A128CBC -65531 AES-CBC w/ 128-bit key [kty] IETF [RFC9459] Deprecated
A192CBC -65530 AES-CBC w/ 192-bit key [kty] IETF [RFC9459] Deprecated
A256CBC -65529 AES-CBC w/ 256-bit key [kty] IETF [RFC9459] Deprecated
Unassigned -65528 to -269
ESB512 -268 ECDSA using BrainpoolP512r1 curve and SHA-512 [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] No
ESB384 -267 ECDSA using BrainpoolP384r1 curve and SHA-384 [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] No
ESB320 -266 ECDSA using BrainpoolP320r1 curve and SHA-384 [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] No
ESB256 -265 ECDSA using BrainpoolP256r1 curve and SHA-256 [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] No
KT256 -264 KT256 XOF [kty] IETF [RFC-irtf-cfrg-kangarootwelve-17] No
KT128 -263 KT128 XOF [kty] IETF [RFC-irtf-cfrg-kangarootwelve-17] No
TurboSHAKE256 -262 TurboSHAKE256 XOF [kty] IETF [RFC-irtf-cfrg-kangarootwelve-17] No
TurboSHAKE128 -261 TurboSHAKE128 XOF [kty] IETF [RFC-irtf-cfrg-kangarootwelve-17] No
WalnutDSA -260 WalnutDSA signature [kty] [RFC9021][RFC9053] No
RS512 -259 RSASSA-PKCS1-v1_5 using SHA-512 [kty] IESG [RFC8812][RFC9053] No
RS384 -258 RSASSA-PKCS1-v1_5 using SHA-384 [kty] IESG [RFC8812][RFC9053] No
RS256 -257 RSASSA-PKCS1-v1_5 using SHA-256 [kty] IESG [RFC8812][RFC9053] No
Unassigned -256 to -54
Ed448 -53 EdDSA using Ed448 curve [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] Yes
ESP512 -52 ECDSA using P-521 curve and SHA-512 [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] Yes
ESP384 -51 ECDSA using P-384 curve and SHA-384 [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] Yes
ML-DSA-87 -50 CBOR Object Signing Algorithm for ML-DSA-87 (TEMPORARY - registered 2025-04-24, expires 2026-04-24) [kty] [draft-ietf-cose-dilithium-06] Yes
ML-DSA-65 -49 CBOR Object Signing Algorithm for ML-DSA-65 (TEMPORARY - registered 2025-04-24, expires 2026-04-24) [kty] [draft-ietf-cose-dilithium-06] Yes
ML-DSA-44 -48 CBOR Object Signing Algorithm for ML-DSA-44 (TEMPORARY - registered 2025-04-24, expires 2026-04-24) [kty] [draft-ietf-cose-dilithium-06] Yes
ES256K -47 ECDSA using secp256k1 curve and SHA-256 [kty] IESG [RFC8812][RFC9053] No
HSS-LMS -46 HSS/LMS hash-based digital signature [kty] [RFC8778][RFC9053] Yes
SHAKE256 -45 SHAKE-256 512-bit Hash Value [kty] [RFC9054][RFC9053] Yes
SHA-512 -44 SHA-2 512-bit Hash [kty] [RFC9054][RFC9053] Yes
SHA-384 -43 SHA-2 384-bit Hash [kty] [RFC9054][RFC9053] Yes
RSAES-OAEP w/ SHA-512 -42 RSAES-OAEP w/ SHA-512 [kty] [RFC8230][RFC9053] Yes
RSAES-OAEP w/ SHA-256 -41 RSAES-OAEP w/ SHA-256 [kty] [RFC8230][RFC9053] Yes
RSAES-OAEP w/ RFC 8017 default parameters -40 RSAES-OAEP w/ SHA-1 [kty] [RFC8230][RFC9053] Yes
PS512 -39 RSASSA-PSS w/ SHA-512 [kty] [RFC8230][RFC9053] Yes
PS384 -38 RSASSA-PSS w/ SHA-384 [kty] [RFC8230][RFC9053] Yes
PS256 -37 RSASSA-PSS w/ SHA-256 [kty] [RFC8230][RFC9053] Yes
ES512 -36 ECDSA w/ SHA-512 [kty] [RFC9053][RFC-ietf-jose-fully-specified-algorithms-13] Deprecated
ES384 -35 ECDSA w/ SHA-384 [kty] IETF [RFC9053][RFC-ietf-jose-fully-specified-algorithms-13] Deprecated
ECDH-SS + A256KW -34 ECDH SS w/ Concat KDF and AES Key Wrap w/ 256-bit key [kty] [RFC9053] Yes
ECDH-SS + A192KW -33 ECDH SS w/ Concat KDF and AES Key Wrap w/ 192-bit key [kty] [RFC9053] Yes
ECDH-SS + A128KW -32 ECDH SS w/ Concat KDF and AES Key Wrap w/ 128-bit key [kty] [RFC9053] Yes
ECDH-ES + A256KW -31 ECDH ES w/ Concat KDF and AES Key Wrap w/ 256-bit key [kty] [RFC9053] Yes
ECDH-ES + A192KW -30 ECDH ES w/ Concat KDF and AES Key Wrap w/ 192-bit key [kty] [RFC9053] Yes
ECDH-ES + A128KW -29 ECDH ES w/ Concat KDF and AES Key Wrap w/ 128-bit key [kty] [RFC9053] Yes
ECDH-SS + HKDF-512 -28 ECDH SS w/ HKDF - generate key directly [kty] [RFC9053] Yes
ECDH-SS + HKDF-256 -27 ECDH SS w/ HKDF - generate key directly [kty] [RFC9053] Yes
ECDH-ES + HKDF-512 -26 ECDH ES w/ HKDF - generate key directly [kty] [RFC9053] Yes
ECDH-ES + HKDF-256 -25 ECDH ES w/ HKDF - generate key directly [kty] [RFC9053] Yes
Unassigned -24 to -20
Ed25519 -19 EdDSA using Ed25519 curve [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] Yes
SHAKE128 -18 SHAKE-128 256-bit Hash Value [kty] [RFC9054][RFC9053] Yes
SHA-512/256 -17 SHA-2 512-bit Hash truncated to 256-bits [kty] [RFC9054][RFC9053] Yes
SHA-256 -16 SHA-2 256-bit Hash [kty] [RFC9054][RFC9053] Yes
SHA-256/64 -15 SHA-2 256-bit Hash truncated to 64-bits [kty] [RFC9054][RFC9053] Filter Only
SHA-1 -14 SHA-1 Hash [kty] [RFC9054][RFC9053] Filter Only
direct+HKDF-AES-256 -13 Shared secret w/ AES-MAC 256-bit key [kty] [RFC9053] Yes
direct+HKDF-AES-128 -12 Shared secret w/ AES-MAC 128-bit key [kty] [RFC9053] Yes
direct+HKDF-SHA-512 -11 Shared secret w/ HKDF and SHA-512 [kty] [RFC9053] Yes
direct+HKDF-SHA-256 -10 Shared secret w/ HKDF and SHA-256 [kty] [RFC9053] Yes
ESP256 -9 ECDSA using P-256 curve and SHA-256 [kty] IETF [RFC-ietf-jose-fully-specified-algorithms-13] Yes
EdDSA -8 EdDSA [kty] IETF [RFC9053][RFC-ietf-jose-fully-specified-algorithms-13] Deprecated
ES256 -7 ECDSA w/ SHA-256 [kty] IETF [RFC9053][RFC-ietf-jose-fully-specified-algorithms-13] Deprecated
direct -6 Direct use of CEK [kty] [RFC9053] Yes
A256KW -5 AES Key Wrap w/ 256-bit key [kty] [RFC9053] Yes
A192KW -4 AES Key Wrap w/ 192-bit key [kty] [RFC9053] Yes
A128KW -3 AES Key Wrap w/ 128-bit key [kty] [RFC9053] Yes
Unassigned -2 to -1
Reserved 0 [RFC9053] No
A128GCM 1 AES-GCM mode w/ 128-bit key, 128-bit tag [kty] [RFC9053] Yes
A192GCM 2 AES-GCM mode w/ 192-bit key, 128-bit tag [kty] [RFC9053] Yes
A256GCM 3 AES-GCM mode w/ 256-bit key, 128-bit tag [kty] [RFC9053] Yes
HMAC 256/64 4 HMAC w/ SHA-256 truncated to 64 bits [kty] [RFC9053] Yes
HMAC 256/256 5 HMAC w/ SHA-256 [kty] [RFC9053] Yes
HMAC 384/384 6 HMAC w/ SHA-384 [kty] [RFC9053] Yes
HMAC 512/512 7 HMAC w/ SHA-512 [kty] [RFC9053] Yes
Unassigned 8-9
AES-CCM-16-64-128 10 AES-CCM mode 128-bit key, 64-bit tag, 13-byte nonce [kty] [RFC9053] Yes
AES-CCM-16-64-256 11 AES-CCM mode 256-bit key, 64-bit tag, 13-byte nonce [kty] [RFC9053] Yes
AES-CCM-64-64-128 12 AES-CCM mode 128-bit key, 64-bit tag, 7-byte nonce [kty] [RFC9053] Yes
AES-CCM-64-64-256 13 AES-CCM mode 256-bit key, 64-bit tag, 7-byte nonce [kty] [RFC9053] Yes
AES-MAC 128/64 14 AES-MAC 128-bit key, 64-bit tag [kty] [RFC9053] Yes
AES-MAC 256/64 15 AES-MAC 256-bit key, 64-bit tag [kty] [RFC9053] Yes
Unassigned 16-23
ChaCha20/Poly1305 24 ChaCha20/Poly1305 w/ 256-bit key, 128-bit tag [kty] [RFC9053] Yes
AES-MAC 128/128 25 AES-MAC 128-bit key, 128-bit tag [kty] [RFC9053] Yes
AES-MAC 256/128 26 AES-MAC 256-bit key, 128-bit tag [kty] [RFC9053] Yes
Unassigned 27-29
AES-CCM-16-128-128 30 AES-CCM mode 128-bit key, 128-bit tag, 13-byte nonce [kty] [RFC9053] Yes
AES-CCM-16-128-256 31 AES-CCM mode 256-bit key, 128-bit tag, 13-byte nonce [kty] [RFC9053] Yes
AES-CCM-64-128-128 32 AES-CCM mode 128-bit key, 128-bit tag, 7-byte nonce [kty] [RFC9053] Yes
AES-CCM-64-128-256 33 AES-CCM mode 256-bit key, 128-bit tag, 7-byte nonce [kty] [RFC9053] Yes
IV-GENERATION 34 For doing IV generation for symmetric algorithms. [RFC9053] No

COSE Key Common Parameters

Expert(s)
Francesca Palombini, Carsten Bormann
Reference
[RFC9052]
Available Formats

CSV
Range Registration Procedures
Integers less than -65536 Private Use
Integer values in the range -65536 to -1 used for key parameters specific to a single algorithm delegated to the COSE Key Type Parameters registry
Integer values between 0 and 255 Standards Action With Expert Review
Integer values from 256 to 65535 Specification Required
Integer values greater than 65535 Expert Review
Strings of length 1 Standards Action With Expert Review
Strings of length 2 Specification Required
Strings of length greater than 2 Expert Review
Name Label CBOR Type Value Registry Description Reference
Reserved for Private Use less than -65536 [RFC9052]
used for key parameters specific to a single algorithm delegated to the COSE Key Type Parameters registry -65536 to -1 [RFC9052]
Reserved 0 [RFC9052]
kty 1 tstr / int COSE Key Types Identification of the key type [RFC9052]
kid 2 bstr Key identification value - match to kid in message [RFC9052]
alg 3 tstr / int COSE Algorithms Key usage restriction to this algorithm [RFC9052]
key_ops 4 [+ (tstr/int)] Restrict set of permissible operations [RFC9052]
Base IV 5 bstr Base IV to be XORed with Partial IVs [RFC9052]

COSE Key Type Parameters

Registration Procedure(s)
Expert Review
Expert(s)
Göran Selander, Derek Atkins, Sean Turner
Reference
[RFC9053]
Available Formats

CSV
Key Type Name Label CBOR Type Description Reference
1 crv -1 int / tstr EC identifier -- Taken from the "COSE Elliptic Curves" registry [RFC9053]
1 x -2 bstr Public Key [RFC9053]
1 d -4 bstr Private key [RFC9053]
2 crv -1 int / tstr EC identifier -- Taken from the "COSE Elliptic Curves" registry [RFC9053]
2 x -2 bstr x-coordinate [RFC9053]
2 y -3 bstr / bool y-coordinate [RFC9053]
2 d -4 bstr Private key [RFC9053]
3 n -1 bstr the RSA modulus n [RFC8230]
3 e -2 bstr the RSA public exponent e [RFC8230]
3 d -3 bstr the RSA private exponent d [RFC8230]
3 p -4 bstr the prime factor p of n [RFC8230]
3 q -5 bstr the prime factor q of n [RFC8230]
3 dP -6 bstr dP is d mod (p - 1) [RFC8230]
3 dQ -7 bstr dQ is d mod (q - 1) [RFC8230]
3 qInv -8 bstr qInv is the CRT coefficient q^(-1) mod p [RFC8230]
3 other -9 array other prime infos, an array [RFC8230]
3 r_i -10 bstr a prime factor r_i of n, where i >= 3 [RFC8230]
3 d_i -11 bstr d_i = d mod (r_i - 1) [RFC8230]
3 t_i -12 bstr the CRT coefficient t_i = (r_1 * r_2 * ... * r_(i-1))^(-1) mod r_i [RFC8230]
4 k -1 bstr Key Value [RFC9053]
5 pub -1 bstr Public key for HSS/LMS hash-based digital signature [RFC8778]
6 N -1 uint Group and Matrix (NxN) size [RFC9021]
6 q -2 uint Finite field F_q [RFC9021]
6 t-values -3 array (of uint) List of T-values, entries in F_q [RFC9021]
6 matrix 1 -4 array (of array of uint) NxN Matrix of entries in F_q in column-major form [RFC9021]
6 permutation 1 -5 array (of uint) Permutation associated with matrix 1 [RFC9021]
6 matrix 2 -6 array (of array of uint) NxN Matrix of entries in F_q in column-major form [RFC9021]
7 pub -1 bstr Public key [draft-ietf-cose-dilithium-06]

COSE Key Types

Registration Procedure(s)
Expert Review
Expert(s)
Göran Selander, Derek Atkins, Sean Turner
Reference
[RFC9053]
Available Formats

CSV
Name Value Description Capabilities Reference
Reserved 0 This value is reserved [RFC9053]
OKP 1 Octet Key Pair [kty(1), crv] [RFC9053]
EC2 2 Elliptic Curve Keys w/ x- and y-coordinate pair [kty(2), crv] [RFC9053]
RSA 3 RSA Key [kty(3)] [RFC8230][RFC9053]
Symmetric 4 Symmetric Keys [kty(4)] [RFC9053]
HSS-LMS 5 Public key for HSS/LMS hash-based digital signature [kty(5), hash algorithm] [RFC8778][RFC9053]
WalnutDSA 6 WalnutDSA public key [kty(6)] [RFC9021][RFC9053]
AKP 7 COSE Key Type for Algorithm Key Pairs [kty(7)] [draft-ietf-cose-dilithium-06]

COSE Elliptic Curves

Expert(s)
Göran Selander, Derek Atkins, Sean Turner
Reference
[RFC9053]
Available Formats

CSV
Range Registration Procedures
Integers less than -65536 Private Use
Integer values -65536 to -257 Specification Required
Integer values -256 to 255 Standards Action With Expert Review
Integer values 256 to 65535 Specification Required
Integer values greater than 65535 Expert Review
Name Value Key Type Description Change Controller Reference Recommended
Reserved for Private Use Integer values less than -65536 [RFC9053] No
Unassigned -65536 to -1
Reserved 0 [RFC9053] No
P-256 1 EC2 NIST P-256 also known as secp256r1 [RFC9053] Yes
P-384 2 EC2 NIST P-384 also known as secp384r1 [RFC9053] Yes
P-521 3 EC2 NIST P-521 also known as secp521r1 [RFC9053] Yes
X25519 4 OKP X25519 for use w/ ECDH only [RFC9053] Yes
X448 5 OKP X448 for use w/ ECDH only [RFC9053] Yes
Ed25519 6 OKP Ed25519 for use w/ EdDSA only [RFC9053] Yes
Ed448 7 OKP Ed448 for use w/ EdDSA only [RFC9053] Yes
secp256k1 8 EC2 SECG secp256k1 curve IESG [RFC8812] No
Unassigned 9-255
brainpoolP256r1 256 EC2 BrainpoolP256r1 [ISO/IEC JTC 1/SC 17/WG 10] [ISO/IEC 18013-5:2021, 9.1.5.2] No
brainpoolP320r1 257 EC2 BrainpoolP320r1 [ISO/IEC JTC 1/SC 17/WG 10] [ISO/IEC 18013-5:2021, 9.1.5.2] No
brainpoolP384r1 258 EC2 BrainpoolP384r1 [ISO/IEC JTC 1/SC 17/WG 10] [ISO/IEC 18013-5:2021, 9.1.5.2] No
brainpoolP512r1 259 EC2 BrainpoolP512r1 [ISO/IEC JTC 1/SC 17/WG 10] [ISO/IEC 18013-5:2021, 9.1.5.2] No