Skip to content

Update algorithms and supported specs for fully specified algs. #620

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dajiaji merged 1 commit into from
Jul 20, 2025
Merged

Update algorithms and supported specs for fully specified algs. #620

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ implementation compliant with:
- [RFC8392: CWT (CBOR Web Token)](https://tools.ietf.org/html/rfc8392)
- [draft-07: Use of HPKE with COSE](https://www.ietf.org/archive/id/draft-ietf-cose-hpke-07.html) - experimental
- [draft-06: CWT Claims in COSE Headers](https://www.ietf.org/archive/id/draft-ietf-cose-cwt-claims-in-headers-06.html) - experimental
- [draft-13: Fully-Specified Algorithms for JOSE and COSE](https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-13.html)
- and related various specifications. See [Referenced Specifications](#referenced-specifications).

It is designed to make users who already know about [JWS](https://tools.ietf.org/html/rfc7515)/[JWE](https://tools.ietf.org/html/rfc7516)/[JWT](https://tools.ietf.org/html/rfc7519)
Expand Down Expand Up @@ -1748,6 +1749,7 @@ Python CWT is (partially) compliant with following specifications:
- [RFC8152: CBOR Object Signing and Encryption (COSE)](https://tools.ietf.org/html/rfc8152)
- [draft-07: Use of HPKE with COSE](https://www.ietf.org/archive/id/draft-ietf-cose-hpke-07.html) - experimental
- [draft-06: CWT Claims in COSE Headers](https://www.ietf.org/archive/id/draft-ietf-cose-cwt-claims-in-headers-06.html) - experimental
- [draft-13: Fully-Specified Algorithms for JOSE and COSE](https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-13.html)
- [Electronic Health Certificate Specification](https://github.com/ehn-dcc-development/hcert-spec/blob/main/hcert_spec.md)
- [Technical Specifications for Digital Green Certificates Volume 1](https://ec.europa.eu/health/sites/default/files/ehealth/docs/digital-green-certificates_v1_en.pdf)

Expand Down
35 changes: 29 additions & 6 deletions docs/algorithms.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,17 @@ COSE Key Types
COSE Algorithms
---------------

-65534: 128, # AES-CTR w/ 128-bit key (Deprecated)
-65533: 192, # AES-CTR w/ 192-bit key (Deprecated)
-65532: 256, # AES-CTR w/ 256-bit key (Deprecated)
-65531: 128, # AES-CBC w/ 128-bit key (Deprecated)
-65530: 192, # AES-CBC w/ 192-bit key (Deprecated)
-65529: 256, # AES-CBC w/ 256-bit key (Deprecated)
-65534: A128CTR, # AES-CTR w/ 128-bit key (Deprecated)
-65533: A192CTR, # AES-CTR w/ 192-bit key (Deprecated)
-65532: A256CTR, # AES-CTR w/ 256-bit key (Deprecated)
-65531: A128CBC, # AES-CBC w/ 128-bit key (Deprecated)
-65530: A192CBC, # AES-CBC w/ 192-bit key (Deprecated)
-65529: A256CBC, # AES-CBC w/ 256-bit key (Deprecated)
-65529: A256CBC, # AES-CBC w/ 256-bit key (Deprecated)
-36: ES512, # ECDSA w/ SHA-512 (Deprecated)
-35: ES384, # ECDSA w/ SHA-384 (Deprecated)
-8: EdDSA, # EdDSA (Deprecated)
-7: ES256, # ECDSA w/ SHA-256 (Deprecated)

+------------------------+--------+-------+-----------------------------------------------------+
| Name | Status | Value | Description |
Expand All @@ -54,6 +59,14 @@ COSE Algorithms
+------------------------+--------+-------+-----------------------------------------------------+
| A256CBC | ✅ | -65529| AES-CBC w/ 256-bit key |
+------------------------+--------+-------+-----------------------------------------------------+
| ESB512 | | -268 | ECDSA using BrainpoolP512r1 curve and SHA-512 |
+------------------------+--------+-------+-----------------------------------------------------+
| ESB384 | | -267 | ECDSA using BrainpoolP384r1 curve and SHA-384 |
+------------------------+--------+-------+-----------------------------------------------------+
| ESB320 | | -266 | ECDSA using BrainpoolP320r1 curve and SHA-384 |
+------------------------+--------+-------+-----------------------------------------------------+
| ESB256 | | -265 | ECDSA using BrainpoolP256r1 curve and SHA-256 |
+------------------------+--------+-------+-----------------------------------------------------+
| WalnutDSA | | -260 | WalnutDSA signature |
+------------------------+--------+-------+-----------------------------------------------------+
| RS512 | ✅ | -259 | RSASSA-PKCS1-v1_5 using SHA-512 |
Expand All @@ -62,6 +75,12 @@ COSE Algorithms
+------------------------+--------+-------+-----------------------------------------------------+
| RS256 | ✅ | -257 | RSASSA-PKCS1-v1_5 using SHA-256 |
+------------------------+--------+-------+-----------------------------------------------------+
| Ed448 | ✅ | -53 | EdDSA using Ed448 curve |
+------------------------+--------+-------+-----------------------------------------------------+
| ESP512 | ✅ | -52 | ECDSA using P-521 curve and SHA-512 |
+------------------------+--------+-------+-----------------------------------------------------+
| ESP384 | ✅ | -51 | ECDSA using P-384 curve and SHA-384 |
+------------------------+--------+-------+-----------------------------------------------------+
| ES256K | ✅ | -47 | ECDSA using secp256k1 curve and SHA-256 |
+------------------------+--------+-------+-----------------------------------------------------+
| HSS-LMS | | -46 | HSS/LMS hash-based digital signature |
Expand Down Expand Up @@ -116,6 +135,8 @@ COSE Algorithms
+------------------------+--------+-------+-----------------------------------------------------+
| ECDH-ES + HKDF-256 | ✅ | -25 | ECDH ES w/ HKDF - generate key directly |
+------------------------+--------+-------+-----------------------------------------------------+
| Ed25519 | ✅ | -19 | EdDSA using Ed25519 curve |
+------------------------+--------+-------+-----------------------------------------------------+
| SHAKE128 | | -18 | SHAKE-128 256-bit Hash Value |
+------------------------+--------+-------+-----------------------------------------------------+
| SHA-512/256 | | -17 | SHA-2 512-bit Hash truncated to 256-bits |
Expand All @@ -134,6 +155,8 @@ COSE Algorithms
+------------------------+--------+-------+-----------------------------------------------------+
| direct+HKDF-SHA-256 | ✅ | -10 | Shared secret w/ HKDF and SHA-256 |
+------------------------+--------+-------+-----------------------------------------------------+
| ESP256 | ✅ | -9 | ECDSA using P-256 curve and SHA-256 |
+------------------------+--------+-------+-----------------------------------------------------+
| EdDSA | ✅ | -8 | EdDSA |
+------------------------+--------+-------+-----------------------------------------------------+
| ES256 | ✅ | -7 | ECDSA w/ SHA-256 |
Expand Down
Loading