# lws minimal example for cose_sign

Demonstrates how to sign and verify using cose_sign and cose_key, providing a
commandline tool for signing and verifying stdin.

## build

```
 $ cmake . && make
```

## usage

|Option|Sig|Val|Meaning|
|---|---|---|---|
|-s|o||Select signing mode (stdin is payload)|
|-k <keyset filepath>|o|o|One or a set of cose_keys|
|--kid string|o|mac0|Specifies the key ID to use as a string|
|--kid-hex HEXSTRING|o|mac0|Specifies the key ID to use as a hex blob|
|--cose-sign|o|if no tag|Sets cose-sign mode|
|--cose-sign1|o|if no tag|Sets cose-sign1 mode|
|--cose-mac|o|if no tag|Sets cose-sign1 mode|
|--cose-mac0|o|if no tag|Sets cose-sign1 mode|
|--extra HEXSTRING|o|o|Optional extra payload data|

HEXSTRING above means a string like `1a2b3c`

Stdin is either the plaintext (if signing) or cose_sign (if verifying).

For convenience, a keyset from the COSE RFC is provided in
`minimal-examples/crypto/minimal-crypto-cose-sign/set1.cks`. Six example
cose_sign1 and cose_sign are also provided in that directory signed with keys
from the provided keyset.

## Examples

### Validation

The RFC8152 sign1_pass01.sig is a cose_sign1 that contains the ES256 alg
parameter along with a kid hint that it was signed with the key with kid "11"
from the RFC8152 key set. So we just need to provide the signature and the key
set and lws can sort it out.

```
$ cat sign1_pass01.sig | ./lws-crypto-cose-sign -k set1.cks
[2021/07/26 05:41:29:1663] N: lws_create_context: LWS: 4.2.99-v4.2.0-133-g300f3f3250, NET CLI SRV H1 H2 WS ConMon IPV6-on
[2021/07/26 05:41:29:3892] N: results count 1
[2021/07/26 05:41:29:3901] N: result: 0 (alg ES256, kid 3131)
[2021/07/26 05:41:29:4168] N: main: PASS
```

Notice how the validation just delivers a results list and leaves it to the user
code to iterate it, and confirm that it's happy with the result, the alg used,
and the kid that was used.

RFC8152 sign1_pass02.sig is similar but contains extra application data in the
signature, that must be given at validation too.

```
$ cat sign1_pass02.sig | ./lws-crypto-cose-sign -k set1.cks --extra 11aa22bb33cc44dd55006699
[2021/07/26 05:55:50:9103] N: lws_create_context: LWS: 4.2.99-v4.2.0-133-g300f3f3250, NET CLI SRV H1 H2 WS ConMon IPV6-on
[2021/07/26 05:55:50:9381] N: 12
[2021/07/26 05:55:51:0924] N:
[2021/07/26 05:55:51:0939] N: 0000: 11 AA 22 BB 33 CC 44 DD 55 00 66 99 ..".3.D.U.f.
[2021/07/26 05:55:51:0943] N:
[2021/07/26 05:55:51:1368] N: results count 1
[2021/07/26 05:55:51:1377] N: result: 0 (alg ES256, kid 3131)
[2021/07/26 05:55:51:1657] N: main: PASS
```

### Signing

Generate a cose-sign1 using ES256 and the key set key with id "11" for the
payload given on stdin

```
$ echo -n "This is the content." |\
 ./bin/lws-crypto-cose-sign -s -k set1.cks \
 --kid 11 --alg ES256 > ./test.sig

00000000 d2 84 43 a1 01 26 a1 04 42 31 31 54 54 68 69 73 |..C..&..B11TThis|
00000010 20 69 73 20 74 68 65 20 63 6f 6e 74 65 6e 74 2e | is the content.|
00000020 58 40 b9 a8 85 09 17 7f 01 f6 78 5d 39 62 d0 44 |X@........x]9b.D|
00000030 08 0b fa b4 b4 5b 17 80 c2 e3 ba a3 af 33 6f e6 |.....[.......3o.|
00000040 44 09 13 1f cf 4f 17 5c 62 9f 8d 29 29 1c ab 28 |D....O.\b..))..(|
00000050 b2 f4 e6 af f9 62 ea 69 52 90 07 0e 2c 40 72 d3 |.....b.iR...,@r.|
00000060 12 cf |..|
```

Same as above, but force it to use cose-sign layout

```
$ echo -n "This is the content." |\
 ./bin/lws-crypto-cose-sign -s -k set1.cks \
 --kid 11 --alg ES256 --cose-sign > ./test.sig

00000000 d8 62 84 40 40 54 54 68 69 73 20 69 73 20 74 68 |.b.@@TThis is th|
00000010 65 20 63 6f 6e 74 65 6e 74 2e 81 83 a1 01 26 a1 |e content.....&.|
00000020 04 42 31 31 58 40 37 5d 93 48 20 b0 d0 75 16 41 |.B11X@7].H ..u.A|
00000030 db 95 95 5b 39 7d 6d 92 6e 52 c9 78 96 d8 a2 9b |...[9}m.nR.x....|
00000040 62 62 89 9e e5 26 31 63 4b 90 d1 37 86 ca 82 a2 |bb...&1cK..7....|
00000050 28 9a d2 82 a7 6d 24 23 cd de 58 91 47 98 bb 11 |(....m$#..X.G...|
00000060 e4 b9 08 18 48 65 |....He|
```
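
The `alg ES256, kid 3131` reported in the validation logs corresponds to the first 11 bytes of the first (cose-sign1) signing hexdump above. The following added example, which is not lws code and does not use the lws API, decodes those two header fields with bounds checks and applies the kind of alg / kid allow-list check the user code is expected to make on each result. It does not verify the signature, accepts only single-entry header maps like the ones shown, and all names in it are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Bytes 0x00-0x0a of the cose-sign1 hexdump above: tag, array head, both header maps */
const uint8_t sign1_hdr[] = { 0xd2,0x84,0x43,0xa1,0x01,0x26,0xa1,0x04,0x42,0x31,0x31 };

struct cur { const uint8_t *p, *end; };
struct hdrs { int alg; const uint8_t *kid; size_t kid_len; };

/* Read one CBOR head of the expected major type (arguments below 256 only) */
static int head(struct cur *c, unsigned major, size_t *arg)
{
	if (c->p >= c->end || (unsigned)(*c->p >> 5) != major) return -1;
	unsigned ai = *c->p++ & 0x1f;         /* "additional information" bits */
	if (ai > 24 || (ai == 24 && c->p >= c->end)) return -1;
	*arg = ai == 24 ? *c->p++ : ai;
	return 0;
}

/* Read a bstr head, bounds-check its length, return a cursor over its body */
static int bstr(struct cur *c, struct cur *body)
{
	size_t n;
	if (head(c, 2, &n) || n > (size_t)(c->end - c->p)) return -1;
	body->p = c->p;
	c->p += n;
	body->end = c->p;
	return 0;
}

/* Extract alg (label 1, protected) and kid (label 4, unprotected) from a COSE_Sign1 */
int sign1_headers(const uint8_t *b, size_t len, struct hdrs *h)
{
	struct cur c = { b, b + len }, prot, kid;
	size_t n;
	if (head(&c, 6, &n) || n != 18 || head(&c, 4, &n) || n != 4) return -1;
	if (bstr(&c, &prot) || head(&prot, 5, &n) || n != 1 || head(&prot, 0, &n) ||
	    n != 1 || head(&prot, 1, &n) || prot.p != prot.end) return -1;
	h->alg = -1 - (int)n;                 /* CBOR negint n encodes -1 - n */
	if (head(&c, 5, &n) || n != 1 || head(&c, 0, &n) || n != 4 ||
	    bstr(&c, &kid)) return -1;
	h->kid = kid.p;
	h->kid_len = (size_t)(kid.end - kid.p);
	return 0;
}

/* Allow-list check: accept only the alg and kid the application expects */
int hdrs_acceptable(const struct hdrs *h, int alg, const char *kid)
{
	return h->alg == alg && h->kid_len == strlen(kid) && !memcmp(h->kid, kid, h->kid_len);
}
```

Here `-7` is the COSE algorithm value for ES256, and the kid bytes `31 31` are the ASCII string "11", which is why the log prints `kid 3131`.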