CBOR Object Signing and Encryption


CBOR Object Signing and Encryption (COSE) is defined in RFC 8152 defines the CBOR Object Signing and Encryption (COSE) standard specified how to process encryption, signatures, and Message Authentication Code (MAC) operations and how to encode keys using CBOR

Concise Binary Object Representation (CBOR, RFC 7049) is a concise binary format for the serialization of data structured to an extended version of the JSON data model.

CBOR Object Signing and Encryption seeks to create CBOR-based object signing and encryption formats. One motivation for CBOR Object Signing and Encryption was to reuse functionality from the JOSE working group using the CBOR data representation as it is more amenable to Constrained Nodes and Constrained Networks (RFC 7228).

The JOSE working group recently completed producing representations for cryptographic keys, message authentication (MACs), encryption, and digital Signatures, using JSON representation.

The resulting formats will not be cryptographically convertible from or to JOSE formats. This lack of a need for bit-for-bit compatibility will enable some simplification in the adaptation process.

Criteria that should be considered in the decision making process, changing from JSON to CBOR encoding include:

  • Maintain the current JOSE paradigms and formatting where feasible.
  • Minimize message size, code size, and computational complexity to suit constrained environments, where this is expected to be used.
  • Improve security
  • Provide new functionality for additional use cases that were not required for JOSE.

More Information#

There might be more information for this subject on one of the following: