Skip to content
/ cose-java Public
forked from sbahloul/cose-java

Fork to support Brainpool and Edwards curves

License

BSD-3-Clause license
0 stars 25 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

walt-id/cose-java

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

209 Commits
.github/workflows
.github/workflows
 
 
Examples
Examples
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

COSE-JAVA Implementation Build Status Maven Central

This project is a JAVA implementation of the IETF CBOR Encoded Message Syntax (COSE). COSE has reached RFC status and is now available at RFC 8152.

In addition to the core document the following have also become RFCs:

  • RFC 8230 How to use RSA algorithms with COSE. (Not currently supported)

At the moment, this layer is not compliant with:

The project is implemented using Bouncy Castle for the crypto libraries and uses the PeterO CBOR library for its CBOR implementation.

How to Install

Starting with version 0.9.0, the Java implementation is available as an artifact in the Central Repository. To add this library to a Maven project, add the following to the dependencies section in your pom.xml file:

<dependency>
  <groupId>org.cose.java</groupId>
  <artifactId>cose-java</artifactId>
  <version>1.1.1-SNAPSHOT</version>
</dependency>

In other Java-based environments, the library can be referred to by its group ID ('org.cose.java'), artifact ID ('cose-java'), and version, as given above.

Cryptographic Providers

Starting with version 0.9.7, the code was modified so that it only uses the JAVA cryptographic provider infrastructure rather than directly relying on the BouncyCastle implementations of these algorithms. There are two implications of these changes that people need to be aware of at this time.

  • By default JAVA is installed with a limited set of enabled cryptographic algorithms. This can be noted by the fact that an algorithm is supported, but that not all key sizes for the algorithm are enabled. In order to deal with this one needs to install the 'Java Cryptographic Extension Unlimited Strenght Jurisdiction Policy Files' for your version of JAVA runtime. An example of this for JAVA 8 is (http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html).

  • Some modes and algorithms are not generally supported by the default Cryptographic Provider. One example of this is the CCM mode for AES. Getting these algorithms to work requires that a new provider be installed as part of the application so that it is available for this module. Sample code that installs the BouncyCastle provider is:

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.security.Security;
import java.security.Provider;

public class InstallBouncyCastle {
    private static final Provider PROVIDER;

    public static void installProvider() throws Exception {
        if (PROVIDER != null) return;
        PROVIDER = new BouncyCastleProvider();
        Security.insertProviderAt(PROVIDER, 1);
    }

    public static void removeProvider() throws Exception {
        Security.removeProvider(PROVIDER.getName());
        PROVIDER = null;
    }
}

Documentation

Still need to figure this out.

Contributing

Go ahead, file issues, make pull requests. There is an automated build process that will both build and run the test suites on any requests. These will need to pass, or have solid documentation about why they do not pass, before any pull request will be merged.

Building

Dependencies:

  • COSE Examples: the Examples should be in the same parent directory as the pom.xml file.

About

Fork to support Brainpool and Edwards curves

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Java 100.0%