• Home
Name Date Size #Lines LOC

..--

CMakeLists.txtD12-May-20246.5 KiB220190

README.mdD12-May-20244 KiB10682

main.cD12-May-20248.2 KiB407304

payload.txtD12-May-202416 11

rsa-4096.ckD12-May-20241.5 KiB

set1.cksD12-May-20241.3 KiB

sign-rsa4096.sigD12-May-2024550

sign1_pass01.sigD12-May-202498

sign1_pass02.sigD12-May-202498

sign1_pass03.sigD12-May-202497

sign_pass01.sigD12-May-2024104

sign_pass02.sigD12-May-2024103

sign_pass03.sigD12-May-2024101

README.md

1# lws minimal example for cose_sign
2
3Demonstrates how to sign and verify using cose_sign and cose_key, providing a
4commandline tool for signing and verifying stdin.
5
6## build
7
8```
9 $ cmake . && make
10```
11
12## usage
13
14|Option|Sig|Val|Meaning|
15|---|---|---|---|
16|-s|o|||Select signing mode (stdin is payload)|
17|-k <keyset filepath>|o|o|One or a set of cose_keys|
18|--kid string|o|mac0|Specifies the key ID to use as a string|
19|--kid-hex HEXSTRING|o|mac0|Specifies the key ID to use as a hex blob|
20|--cose-sign|o|if no tag|Sets cose-sign mode|
21|--cose-sign1|o|if no tag|Sets cose-sign1 mode|
22|--cose-mac|o|if no tag|Sets cose-sign1 mode|
23|--cose-mac0|o|if no tag|Sets cose-sign1 mode|
24|--extra HEXSTRING|o|o|Optional extra payload data|
25
26HEXSTRING above means a string like `1a2b3c`
27
28Stdin is either the plaintext (if signing) or cose_sign (if verifying).
29
30For convenience, a keyset from the COSE RFC is provided in
31`minimal-examples/crypto/minimal-crypto-cose-sign/set1.cks`.  Six example
32cose_sign1 and cose_sign are also provided in that directory signed with keys
33from the provided keyset.
34
35## Examples
36
37### Validation
38
39The RFC8152 sign1_pass01.sig is a cose_sign1 that contains the ES256 alg
40parameter along with a kid hint that it was signed with the key with kid "11"
41from the RFC8152 key set.  So we just need to provide the signature and the key
42set and lws can sort it out.
43
44```
45$ cat sign1_pass01.sig | ./lws-crypto-cose-sign -k set1.cks
46[2021/07/26 05:41:29:1663] N: lws_create_context: LWS: 4.2.99-v4.2.0-133-g300f3f3250, NET CLI SRV H1 H2 WS ConMon IPV6-on
47[2021/07/26 05:41:29:3892] N: results count 1
48[2021/07/26 05:41:29:3901] N: result: 0 (alg ES256, kid 3131)
49[2021/07/26 05:41:29:4168] N: main: PASS
50```
51
52Notice how the validation just delivers a results list and leaves it to the user
53code to iterate it, and confirm that it's happy with the result, the alg used,
54and the kid that was used.
55
56RFC8152 sign1_pass02.sig is similar but contains extra application data in the
57signature, that must be given at validation too.
58
59```
60$cat sign1_pass02.sig | ./lws-crypto-cose-sign -k set1.cks --extra 11aa22bb33cc44dd55006699
61[2021/07/26 05:55:50:9103] N: lws_create_context: LWS: 4.2.99-v4.2.0-133-g300f3f3250, NET CLI SRV H1 H2 WS ConMon IPV6-on
62[2021/07/26 05:55:50:9381] N: 12
63[2021/07/26 05:55:51:0924] N:
64[2021/07/26 05:55:51:0939] N: 0000: 11 AA 22 BB 33 CC 44 DD 55 00 66 99                ..".3.D.U.f.
65[2021/07/26 05:55:51:0943] N:
66[2021/07/26 05:55:51:1368] N: results count 1
67[2021/07/26 05:55:51:1377] N: result: 0 (alg ES256, kid 3131)
68[2021/07/26 05:55:51:1657] N: main: PASS
69```
70
71### Signing
72
73Generate a cose-sign1 using ES256 and the key set key with id "11" for the
74payload given on stdin
75
76```
77$ echo -n "This is the content." |\
78   ./bin/lws-crypto-cose-sign -s -k set1.cks \
79   --kid 11 --alg ES256 > ./test.sig
80
8100000000  d2 84 43 a1 01 26 a1 04  42 31 31 54 54 68 69 73  |..C..&..B11TThis|
8200000010  20 69 73 20 74 68 65 20  63 6f 6e 74 65 6e 74 2e  | is the content.|
8300000020  58 40 b9 a8 85 09 17 7f  01 f6 78 5d 39 62 d0 44  |X@........x]9b.D|
8400000030  08 0b fa b4 b4 5b 17 80  c2 e3 ba a3 af 33 6f e6  |.....[.......3o.|
8500000040  44 09 13 1f cf 4f 17 5c  62 9f 8d 29 29 1c ab 28  |D....O.\b..))..(|
8600000050  b2 f4 e6 af f9 62 ea 69  52 90 07 0e 2c 40 72 d3  |.....b.iR...,@r.|
8700000060  12 cf                                             |..|
88
89```
90
91Same as above, but force it to use cose-sign layout
92
93```
94$ echo -n "This is the content." |\
95   ./bin/lws-crypto-cose-sign -s -k set1.cks \
96   --kid 11 --alg ES256 --cose-sign > ./test.sig
97
9800000000  d8 62 84 40 40 54 54 68  69 73 20 69 73 20 74 68  |.b.@@TThis is th|
9900000010  65 20 63 6f 6e 74 65 6e  74 2e 81 83 a1 01 26 a1  |e content.....&.|
10000000020  04 42 31 31 58 40 37 5d  93 48 20 b0 d0 75 16 41  |.B11X@7].H ..u.A|
10100000030  db 95 95 5b 39 7d 6d 92  6e 52 c9 78 96 d8 a2 9b  |...[9}m.nR.x....|
10200000040  62 62 89 9e e5 26 31 63  4b 90 d1 37 86 ca 82 a2  |bb...&1cK..7....|
10300000050  28 9a d2 82 a7 6d 24 23  cd de 58 91 47 98 bb 11  |(....m$#..X.G...|
10400000060  e4 b9 08 18 48 65                                 |....He|
105```
106