I am looking for a matching entry in COSE Key, similar to:
https://datatracker.ietf.org/doc/html/rfc7517#section-4.7

I'm also not exactly sure what the verifier API should look like for COSE Sign1s that contain x5c in protected headers.

Normally it would be:

verified = verify(message, signature, publicKey)

But when x5c is present in the protected header, we expect the last cert to verify the signature always (right?):
https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6

So what reference value should be supplied to such a verifier API?

Some background in case it's helpful: I'm trying to implement an identity-based verification scheme for SCITT, where the issuer can use a regular COSE key or a certificate chain terminating in some trusted reference value.

I can imagine supplying a list of certificate thumbprints that are trusted, and checking that each cert in the chain matched the thumbprint list. Or just supplying a list of root thumbprints, and only checking that the root is in the list...

verified = verify(message, signature, trustedRootThumbprints)

I'm not very familiar with building x509 related APIs, or working with both x509 and COSE.

Thanks for your reply!

OS

On Wed, Oct 25, 2023 at 1:54 PM Emil Lundberg <[email protected]> wrote:

> There is the COSE header parameter 33, "x5chain: An ordered chain of
> X.509 certificates". Is that what you're looking for?
>
> Emil Lundberg
>
> Senior Software Engineer | Yubico <http://www.yubico.com/>
>
> On Wed, Oct 25, 2023 at 7:52 PM Orie Steele <[email protected]>
> wrote:
>
>> I was expecting to see it here:
>> https://www.iana.org/assignments/cose/cose.xhtml#key-common-parameters
>>
>> Which label do I use to convert a JWK with x5c to a COSE Key?
>>
>> If there is no answer, what do I do until there is one?
>>
>> Pick an arbitrary label from "Reserved for Private Use"?
>>
>> Regards,
>>
>> OS
>>
>> --
>>
>> ORIE STEELE
>> Chief Technology Officer
>> www.transmute.industries
>>
>> <https://transmute.industries>
>> _______________________________________________
>> COSE mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/cose
>

--
ORIE STEELE
Chief Technology Officer
www.transmute.industries
<https://transmute.industries>
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
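
One possible shape for the root-thumbprint variant of the verifier described in the message above, as an added example that is not part of the original thread or of any COSE library. It follows the x5chain ordering defined in RFC 9360 (end-entity certificate first) and validates the path to the pinned root before using the end-entity key. Assumptions: the names `issue` and `verify` are hypothetical, the chain is passed in already parsed rather than read from a protected header, it includes the root as its last element, and the signature is Ed25519 over constructed bytes rather than a real COSE Sig_structure.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed test certificate; a nil parent self-signs as a CA.
func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent, signer = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verify: chain stands in for the x5chain value, end-entity first (RFC 9360),
// root last; trusted holds SHA-256 thumbprints of accepted root certificates.
func verify(msg, sig []byte, chain []*x509.Certificate, trusted map[[32]byte]bool) bool {
	n := len(chain)
	if n < 2 || !trusted[sha256.Sum256(chain[n-1].Raw)] {
		return false // root is not pinned
	}
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool(),
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	opts.Roots.AddCert(chain[n-1])
	for _, c := range chain[1 : n-1] {
		opts.Intermediates.AddCert(c)
	}
	_, err := chain[0].Verify(opts) // path validation up to the pinned root
	pub, ok := chain[0].PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, msg, sig)
}

func main() { // constructed chain and message
	root, rootKey := issue("constructed root", nil, nil)
	leaf, leafKey := issue("constructed issuer", root, rootKey)
	msg, pins := []byte("constructed to-be-signed bytes"), map[[32]byte]bool{sha256.Sum256(root.Raw): true}
	fmt.Println(verify(msg, ed25519.Sign(leafKey, msg), []*x509.Certificate{leaf, root}, pins))
}
```

Because the chain travels with the message, the only trust input here is the thumbprint list: a chain whose last certificate is not pinned, or whose end-entity certificate does not validate up to the pinned root, is rejected before the signature is checked.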
