Skip to main content

CBOR Object Signing and Encryption (COSE) implementation

Project description

pycose:snake: --- CBOR Object Signing and Encryption

Python package Documentation Status

This project is a Python implementation of the IETF CBOR Encoded Message Syntax (COSE). COSE has reached RFC status and is now available at RFC 8152.

Installation

$ pip install cose

:warning:WARNING:warning:: There is package on PyPI called pycose which contains old code from this repository. Since I am not the maintainer I cannot update that package or remove it.

What is COSE ?

CBOR Encoded Message Syntax (COSE) is a data format for concise representation of small messages RFC 8152. COSE is optimized for low power devices. The messages can be encrypted, MAC'ed and signed. There are 6 different types of COSE messages:

  • Encrypt0: An encrypted COSE message with a single recipient. The payload and AAD are protected by a shared CEK (Content Encryption Keys)
  • Encrypt: An encrypted COSE message can have multiple recipients. For each recipient the CEK is encrypted with a KEK (Key Encryption Key) - using AES key wrap - and added to the message.
  • MAC0: An authenticated COSE message with one recipient.
  • MAC: An authenticated COSE message that can have multiple recipients. For each recipient, the authentication key is encrypted with a KEK and added to the message.
  • Sign1: A signed COSE message with a single signature.
  • Sign: A COSE message that has been signed by multiple entities (each signature is carried in a COSE signature structure, added to the message).

A basic COSE message consists of 2 information buckets and the payload:

  • Protected header: This message field contains information that needs to be protected. This information is taken into account during the encryption, calculation of the MAC or the signature.
  • Unprotected header: The information contained in the unprotected header is not protected by the cryptographic algorithms.
  • Payload: Contains the payload of the message, protected (mac'ed, signed or encrypted) by the cryptographic algorithms.

Additionally, based on the message type, other message fields can be added:

  • MAC or signature (for MAC0 or Sign1 messages)
  • COSE recipients or COSE signatures (for MAC, Encrypt, and Sign messages)

Examples

Encoding

from binascii import unhexlify
from cose.messages import Enc0Message
from cose.keys import SymmetricKey

# Create a COSE Encrypt0 Message
msg = Enc0Message(
    phdr={'ALG': 'A128GCM', 'IV': unhexlify(b'01010101010101010101010101010101')},
    uhdr={'KID': b'meriadoc.brandybuck@buckland.example'},
    payload='a secret message'.encode('utf-8')
)

# Create a COSE Symmetric Key
cose_key = SymmetricKey(key=unhexlify(b'000102030405060708090a0b0c0d0e0f'))
msg.key = cose_key

# Performs encryption and CBOR serialization
msg.encode()
b'\xd0\x83U\xa2\x01\x01\x05P\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\xa1\x04X$meriadoc.brandybuck@buckland.exampleX \xc4\xaf\x85\xacJQ4\x93\x19\x93\xec\n\x18c\xa6\xe8\xc6n\xf4\xc9\xac\x161^\xe6\xfe\xcd\x9b.\x1cy\xa1'

Decoding

from binascii import unhexlify
from cose.messages import CoseMessage
from cose.keys import SymmetricKey

# message bytes (CBOR encoded)
msg =  b'\xd0\x83U\xa2\x01\x01\x05P\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\xa1\x04X$meriadoc.brandybuck@buckland.exampleX \xc4\xaf\x85\xacJQ4\x93\x19\x93\xec\n\x18c\xa6\xe8\xc6n\xf4\xc9\xac\x161^\xe6\xfe\xcd\x9b.\x1cy\xa1'

cose_msg = CoseMessage.decode(msg)

# Create a COSE Symmetric Key
cose_key = SymmetricKey(key=unhexlify(b'000102030405060708090a0b0c0d0e0f'))
cose_msg.key = cose_key

cose_msg.decrypt()
b'a secret message'

More examples

More examples can be found here

Testing

To run the test suite you need pytest:

$ pip install pytest

Move to the root of the repository and type:

$ pytest

Cryptography

The project depends on pyca/cryptography for all cryptographic operations, except the deterministic ECDSA algorithm. For deterministic ECDSA cose uses python-ecdsa.

Documentation

More documentation on COSE and the cose API can be found at: https://pycose.readthedocs.io

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cose-0.9.dev5.tar.gz (28.9 kB view details)

Uploaded Source

Built Distribution

cose-0.9.dev5-py3-none-any.whl (43.2 kB view details)

Uploaded Python 3

File details

Details for the file cose-0.9.dev5.tar.gz.

File metadata

  • Download URL: cose-0.9.dev5.tar.gz
  • Upload date:
  • Size: 28.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/1.5.0 pkginfo/1.5.0.1 requests/2.24.0 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.6.9

File hashes

Hashes for cose-0.9.dev5.tar.gz
Algorithm Hash digest
SHA256 83b6734b6d6d7621033b667536bd96f40f4025a49a347a5e5967ea81d638c180
MD5 b397bd205bf935dab391a9060373fb15
BLAKE2b-256 9b5ca988a7d43552618a1f8a8bff6c856fef8e82c10269eba7060bd3ce4fb997

See more details on using hashes here.

File details

Details for the file cose-0.9.dev5-py3-none-any.whl.

File metadata

  • Download URL: cose-0.9.dev5-py3-none-any.whl
  • Upload date:
  • Size: 43.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/1.5.0 pkginfo/1.5.0.1 requests/2.24.0 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.6.9

File hashes

Hashes for cose-0.9.dev5-py3-none-any.whl
Algorithm Hash digest
SHA256 943515bc05c0e29690a49ddf8018dfd7029b15555db76da0f5dc6e79e69eebe7
MD5 6d9e20a4721b3cd973fcc68980e24215
BLAKE2b-256 232cd4db0eb254256acc7502ebd24bd52797d605bf7d1139f4eb526332ed7c7c

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page