Content #

• Content
  • Features
  • Requirements
  • Install
  • Example
  • Limitations
  • Support
  • License

Features #

This package exposes a CBOR Object Signing and Encryption RFC-9052, RFC-9053 implementation.

Requirements #

• Dart: 3.5.0+

Install #

dependencies:
    catalyst_cose: any # or the latest version on Pub

Example #

// ignore_for_file: avoid_print

import 'dart:convert';
import 'dart:typed_data';

import 'package:catalyst_cose/catalyst_cose.dart';
import 'package:cbor/cbor.dart';
import 'package:convert/convert.dart';
import 'package:cryptography/cryptography.dart';

Future<void> main() async {
  await _coseSign1();
  await _coseSign();
}

Future<void> _coseSign1() async {
  final algorithm = Ed25519();
  final keyPair = await algorithm.newKeyPairFromSeed(List.filled(32, 0));
  final signerVerifier = _SignerVerifier(algorithm, keyPair);

  final coseSign1 = await CoseSign1.sign(
    protectedHeaders: const CoseHeaders.protected(),
    unprotectedHeaders: const CoseHeaders.unprotected(),
    signer: signerVerifier,
    payload: utf8.encode('This is the content.'),
  );

  final verified = await coseSign1.verify(
    verifier: signerVerifier,
  );

  print('COSE_SIGN1:');
  print(hex.encode(cbor.encode(coseSign1.toCbor())));
  print('verified: $verified');

  assert(
    verified,
    'The signature proves that given COSE_SIGN1 structure has been '
    'signed by the owner of the given public key',
  );
}

Future<void> _coseSign() async {
  final algorithm = Ed25519();
  final keyPair = await algorithm.newKeyPairFromSeed(List.filled(32, 0));
  final signerVerifier = _SignerVerifier(algorithm, keyPair);

  final coseSign = await CoseSign.sign(
    protectedHeaders: const CoseHeaders.protected(),
    unprotectedHeaders: const CoseHeaders.unprotected(),
    signers: [signerVerifier],
    payload: utf8.encode('This is the content.'),
  );

  final verified = await coseSign.verifyAll(
    verifiers: [signerVerifier],
  );

  print('COSE_SIGN:');
  print(hex.encode(cbor.encode(coseSign.toCbor())));
  print('verified: $verified');

  assert(
    verified,
    'The signature proves that given COSE_SIGN structure has been '
    'signed by the owner of the given public key',
  );
}

final class _SignerVerifier
    implements CatalystCoseSigner, CatalystCoseVerifier {
  final SignatureAlgorithm _algorithm;
  final SimpleKeyPair _keyPair;

  const _SignerVerifier(this._algorithm, this._keyPair);

  @override
  StringOrInt? get alg => const IntValue(CoseValues.eddsaAlg);

  @override
  Future<Uint8List?> get kid async {
    final pk = await _keyPair.extractPublicKey();
    return Uint8List.fromList(pk.bytes);
  }

  @override
  Future<Uint8List> sign(Uint8List data) async {
    final signature = await _algorithm.sign(data, keyPair: _keyPair);
    return Uint8List.fromList(signature.bytes);
  }

  @override
  Future<bool> verify(Uint8List data, Uint8List signature) async {
    final publicKey = await _keyPair.extractPublicKey();
    return _algorithm.verify(
      data,
      signature: Signature(
        signature,
        publicKey: SimplePublicKey(publicKey.bytes, type: KeyPairType.ed25519),
      ),
    );
  }
}

Limitations #

This package supports only a subset of COSE features and algorithms. More features and algorithms are supposed to be added in the feature.

Supported features:

• COSE_SIGN_1: signature + verification

Supported algorithms:

• EdDSA: Ed25519

Support #

Post issues and feature requests on the GitHub issue tracker. Please read our CONTRIBUTING for guidelines on how to contribute.

License #

Licensed under either of Apache License, Version 2.0 or MIT license at your option.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this crate by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.