feat: enhance key's kid with CBOR

README.md

@@ -60,6 +60,8 @@ const privKey = Ed25519Key.generate()
 const pubKey = privKey.public()
 // const pubKey = Ed25519Key.fromPublic(32_bytes_public)
 
+const externalData = utf8ToBytes('@ldclabs/cose-ts') // optional
+
 // signing
 const claims = new Claims()
 claims.iss = 'ldclabs'
@@ -69,14 +71,14 @@ claims.exp = Math.floor(Date.now() / 1000) + 3600
 claims.cti = randomBytes(16)
 
 const cwtMsg = new Sign1Message(claims.toBytes())
-const cwtData = cwtMsg.toBytes(privKey, utf8ToBytes('@ldclabs/cose-ts'))
+const cwtData = cwtMsg.toBytes(privKey, externalData)
 // const cwtDataWithTag = withCWTTag(cwtData)
 
 // verifying
 const cwtMsg2 = Sign1Message.fromBytes(
   pubKey,
   cwtData, // or cwtDataWithTag
-  utf8ToBytes('@ldclabs/cose-ts')
+  externalData
 )
 const claims2 = Claims.fromBytes(cwtMsg2.payload)
 const validator = new Validator({ expectedIssuer: 'ldclabs' })

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@ldclabs/cose-ts",
   "type": "module",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "author": "0xZensh <[email protected]>",
   "description": "Implemented Keys, Algorithms (RFC9053), COSE (RFC9052) and CWT (RFC8392) in TypeScript.",
   "license": "MIT",
@@ -120,14 +120,14 @@
     "test": "vitest src --coverage --run"
   },
   "devDependencies": {
-    "@types/node": "^20.11.4",
+    "@types/node": "^20.11.5",
     "@typescript-eslint/eslint-plugin": "^6.19.0",
     "@typescript-eslint/parser": "^6.19.0",
-    "@vitest/coverage-v8": "^1.2.0",
+    "@vitest/coverage-v8": "^1.2.1",
     "eslint": "^8.56.0",
     "eslint-plugin-import": "^2.29.1",
     "typescript": "^5.3.3",
-    "vitest": "^1.2.0"
+    "vitest": "^1.2.1"
   },
   "keywords": [
     "cose",
@@ -137,9 +137,9 @@
     "RFC9053"
   ],
   "dependencies": {
-    "cborg": "^4.0.8",
-    "@noble/ciphers": "^0.4.1",
-    "@noble/curves": "^1.3.0",
-    "@noble/hashes": "^1.3.3"
+    "@noble/ciphers": "=0.4.1",
+    "@noble/curves": "=1.3.0",
+    "@noble/hashes": "=1.3.3",
+    "cborg": "^4.0.8"
   }
 }

src/aesgcm.ts

@@ -5,22 +5,22 @@ import { gcm } from '@noble/ciphers/webcrypto/aes'
 import * as iana from './iana'
 import { RawMap, assertBytes } from './map'
 import { Key, type Encryptor } from './key'
-import { utf8ToBytes, randomBytes } from './utils'
+import { randomBytes } from './utils'
 
 // TODO: more checks
 // AesGcmKey implements content encryption algorithm AES-GCM for COSE as defined in RFC9053.
 // https://datatracker.ietf.org/doc/html/rfc9053#name-aes-gcm.
 export class AesGcmKey extends Key implements Encryptor {
-  static generate(alg: number, kid?: string): AesGcmKey {
+  static generate(alg: number, kid?: Uint8Array): AesGcmKey {
     return AesGcmKey.fromSecret(randomBytes(getKeySize(alg)), kid)
   }
 
-  static fromSecret(secret: Uint8Array, kid?: string): AesGcmKey {
+  static fromSecret(secret: Uint8Array, kid?: Uint8Array): AesGcmKey {
     const alg = getAlg(assertBytes(secret, 'secret'))
     const key = new AesGcmKey()
     key.alg = alg
     if (kid) {
-      key.kid = utf8ToBytes(kid)
+      key.kid = kid
     }
     key.setParam(iana.SymmetricKeyParameterK, secret)
     return key

src/chacha20poly1305.ts

@@ -5,17 +5,17 @@ import { chacha20poly1305 } from '@noble/ciphers/chacha'
 import * as iana from './iana'
 import { RawMap, assertBytes } from './map'
 import { Key, type Encryptor } from './key'
-import { utf8ToBytes, randomBytes } from './utils'
+import { randomBytes } from './utils'
 
 // TODO: more checks
 // ChaCha20Poly1305Key implements content encryption algorithm ChaCha20/Poly1305 for COSE as defined in RFC9053.
 // https://datatracker.ietf.org/doc/html/rfc9053#name-chacha20-and-poly1305.
 export class ChaCha20Poly1305Key extends Key implements Encryptor {
-  static generate(kid?: string): ChaCha20Poly1305Key {
+  static generate(kid?: Uint8Array): ChaCha20Poly1305Key {
     return ChaCha20Poly1305Key.fromSecret(randomBytes(32), kid)
   }
 
-  static fromSecret(secret: Uint8Array, kid?: string): ChaCha20Poly1305Key {
+  static fromSecret(secret: Uint8Array, kid?: Uint8Array): ChaCha20Poly1305Key {
     assertBytes(secret, 'secret')
     if (secret.length !== 32) {
       throw new Error(
@@ -24,7 +24,7 @@ export class ChaCha20Poly1305Key extends Key implements Encryptor {
     }
     const key = new ChaCha20Poly1305Key()
     if (kid) {
-      key.kid = utf8ToBytes(kid)
+      key.kid = kid
     }
     key.setParam(iana.SymmetricKeyParameterK, secret)
     return key

src/ecdsa.ts

@@ -8,18 +8,17 @@ import { CurveFn } from '@noble/curves/abstract/weierstrass'
 import * as iana from './iana'
 import { RawMap, assertBytes } from './map'
 import { Key, type Signer, Verifier } from './key'
-import { utf8ToBytes } from './utils'
 
 // TODO: more checks
 // ECDSAKey implements signature algorithm ECDSA for COSE as defined in RFC9053.
 // https://datatracker.ietf.org/doc/html/rfc9053#name-ecdsa.
 export class ECDSAKey extends Key implements Signer, Verifier {
-  static generate(alg: number, kid?: string): ECDSAKey {
+  static generate(alg: number, kid?: Uint8Array): ECDSAKey {
     const curve = getCurve(alg)
     return ECDSAKey.fromSecret(curve.utils.randomPrivateKey(), kid)
   }
 
-  static fromSecret(secret: Uint8Array, kid?: string): ECDSAKey {
+  static fromSecret(secret: Uint8Array, kid?: Uint8Array): ECDSAKey {
     assertBytes(secret, 'secret')
     const alg = getAlg(secret.length)
     const key = new ECDSAKey()
@@ -34,12 +33,12 @@ export class ECDSAKey extends Key implements Signer, Verifier {
     key.setParam(iana.EC2KeyParameterD, secret)
 
     if (kid) {
-      key.kid = utf8ToBytes(kid)
+      key.kid = kid
     }
     return key
   }
 
-  static fromPublic(pubkey: Uint8Array, kid?: string): ECDSAKey {
+  static fromPublic(pubkey: Uint8Array, kid?: Uint8Array): ECDSAKey {
     assertBytes(pubkey, 'public key')
     if (pubkey.length < 33) {
       throw new Error(
@@ -79,7 +78,7 @@ export class ECDSAKey extends Key implements Signer, Verifier {
     }
 
     if (kid) {
-      key.kid = utf8ToBytes(kid)
+      key.kid = kid
     }
     return key
   }