Assume you have a message like this, where a tag holding a URL acts as an object type Id:
1010(["https://example.com/status";, { / temperature / 1: 2.56, / weight / 2: 505, / timestamp / 3: "2024-08-22T15:32:20Z" }]) Using the CBOR Signature Format (CSF) you would get this: 1010(["https://example.com/status";, { 1: 2.56, 2: 505, 3: "2024-08-22T15:32:20Z", / Signature container / -1: { / Signature algorithm (COSE Ed25519) / 1: -50, / Ed25519 public key in COSE format / 4: { 1: 1, -1: 6, -2: h'fe49acf5b92b6e923594f2e83368f680ac924be93cf533aecaf802e37757f8c9' }, / Signature value / 6: h'1f10bf2efcfddee741a6dea052ef49e6b67dd549d580be36e5a1d50dc3f9afd5fb92a28ce37dfc877111ff35fb2f4c1f21ff0b0b48bdc04276742e6af033330b' } }]) Compared to COSE you get the following advantages: - The entire message is signed including the object type Id - The message is kept in its original form - Headers are in clear - Extremely simple algorithm WDYT? Anders https://datatracker.ietf.org/doc/draft-ietf-cbor-cde/ https://cyberphone.github.io/javaapi/org/webpki/cbor/doc-files/signatures.html https://www.ietf.org/archive/id/draft-rundgren-cotx-04.html _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
