transmute-industries / cose

A COSE SDK for TypeScript

Home Page: https://datatracker.ietf.org/doc/draft-steele-cose-merkle-tree-proofs/

cose

Questions? Contact Transmute

Usage

🔥 This package is not stable or suitable for production use 🚧

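npm install '@transmute/cose'

// ES modules / TypeScript
import * as cose from "@transmute/cose";
// CommonJS alternative (use one or the other, not both)
// const cose = require("@transmute/cose");

import * as fs from "fs"; // needed for fs.readFileSync below
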
const issuerSecretKeyJwk = await cose.key.generate<cose.SecretKeyJwk>(
  "ES256",
  "application/jwk+json"
);
const issuerPublicKeyJwk = await cose.key.publicFromPrivate<cose.PublicKeyJwk>(
  issuerSecretKeyJwk
);

const notarySecretKeyJwk = await cose.key.generate<cose.SecretKeyJwk>(
  "ES256",
  "application/jwk+json"
);
const notaryPublicKeyJwk = await cose.key.publicFromPrivate<cose.PublicKeyJwk>(
  notarySecretKeyJwk
);

const issuer = cose.detached.signer({
  remote: cose.crypto.signer({
    secretKeyJwk: issuerSecretKeyJwk,
  }),
});
const notary = cose.detached.signer({
  remote: cose.crypto.signer({
    secretKeyJwk: notarySecretKeyJwk,
  }),
});

const content = fs.readFileSync("./examples/image.png");
const signatureForImage = await issuer.sign({
  protectedHeader: new Map<number, any>([
    [1, -7], // signing algorithm ES256
    [3, "image/png"], // content type image/png
    [4, issuerPublicKeyJwk.kid], // issuer key identifier
  ]),
  unprotectedHeader: new Map(),
  payload: content,
});
const transparencyLogContainingImageSignatures = [
  await cose.receipt.leaf(signatureForImage),
];
const receiptForImageSignature = await cose.receipt.inclusion.issue({
  protectedHeader: new Map<number, any>([
    [1, -7], // signing algorithm ES256
    [-111, 1], // inclusion proof from RFC9162
    [4, notaryPublicKeyJwk.kid], // notary key identifier
  ]),
  entry: 0,
  entries: transparencyLogContainingImageSignatures,
  signer: notary,
});
const transparentSignature = await cose.receipt.add(
  signatureForImage,
  receiptForImageSignature
);
const resolve = async (
  coseSign1: cose.CoseSign1Bytes
): Promise<cose.PublicKeyJwk> => {
  const { tag, value } = cose.cbor.decodeFirstSync(coseSign1);
  if (tag !== 18) {
    throw new Error("Only tagged cose sign 1 are supported");
  }
  const [protectedHeaderBytes] = value;
  const protectedHeaderMap = cose.cbor.decodeFirstSync(protectedHeaderBytes);
  const kid = protectedHeaderMap.get(4);
  if (kid === issuerPublicKeyJwk.kid) {
    return issuerPublicKeyJwk;
  }
  if (kid === notaryPublicKeyJwk.kid) {
    return notaryPublicKeyJwk;
  }
  throw new Error("No verification key found in trust store.");
};
const verifier = await cose.receipt.verifier({
  resolve,
});
const verified = await verifier.verify({
  coseSign1: transparentSignature,
  payload: content,
});
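
The receipt issued above carries an RFC 9162 inclusion proof (the `[-111, 1]` header) over a log with a single entry. The following added example, which is not part of the original README and does not call `@transmute/cose`, generalizes to logs of any size and shows the RFC 9162 tree hash, audit path and verifier check that such a proof rests on. The function names and the sample entries are constructed for illustration.

```typescript
import { createHash } from "crypto";
// RFC 9162 domain separation: 0x00 prefixes leaves, 0x01 prefixes interior nodes.
const LEAF = Buffer.from([0x00]);
const NODE = Buffer.from([0x01]);
const sha256 = (...parts: Uint8Array[]): Buffer => {
  const h = createHash("sha256");
  parts.forEach((p) => h.update(p));
  return h.digest();
};
// Largest power of two strictly smaller than n (n >= 2).
const split = (n: number): number => {
  let k = 1;
  while (k * 2 < n) k *= 2;
  return k;
};
// Merkle Tree Hash (MTH) over the ordered log entries.
function treeHead(entries: Uint8Array[]): Buffer {
  if (entries.length === 0) return sha256();
  if (entries.length === 1) return sha256(LEAF, entries[0]);
  const k = split(entries.length);
  return sha256(NODE, treeHead(entries.slice(0, k)), treeHead(entries.slice(k)));
}
// Audit path (PATH) for the entry at `index`, ordered from leaf to root.
function inclusionPath(index: number, entries: Uint8Array[]): Buffer[] {
  if (entries.length <= 1) return [];
  const k = split(entries.length);
  return index < k
    ? [...inclusionPath(index, entries.slice(0, k)), treeHead(entries.slice(k))]
    : [...inclusionPath(index - k, entries.slice(k)), treeHead(entries.slice(0, k))];
}
// Verifier side: recompute the root from one entry, its index and its path.
function verifyInclusion(entry: Uint8Array, index: number, treeSize: number,
                         path: Uint8Array[], root: Uint8Array): boolean {
  if (!Number.isInteger(index) || index < 0 || index >= treeSize) return false;
  let fn = index, sn = treeSize - 1;
  let r = sha256(LEAF, entry);
  for (const p of path) {
    if (sn === 0) return false; // path is longer than the tree is deep
    if (fn % 2 === 1 || fn === sn) {
      r = sha256(NODE, p, r); // sibling sits on the left
      while (fn % 2 === 0 && fn !== 0) { fn >>= 1; sn >>= 1; }
    } else {
      r = sha256(NODE, r, p); // sibling sits on the right
    }
    fn >>= 1; sn >>= 1;
  }
  return sn === 0 && r.equals(root); // sn !== 0 means the path was too short
}
const sampleLog = ["a", "b", "c", "d", "e"].map((s) => Buffer.from(`constructed-entry-${s}`)); // constructed
console.log(verifyInclusion(sampleLog[2], 2, 5, inclusionPath(2, sampleLog), treeHead(sampleLog)));
```

A proof only verifies against the exact index and tree size it was issued for, which is why a verifier must take both from the signed receipt rather than from the presenter.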

COSE RFCs

COSE Drafts

SCITT Drafts

Develop

npm i
npm t
npm run lint
npm run build

License: Apache License 2.0

