The W3C Web Authentication (WebAuthn) working group and the IETF COSE working group created “CBOR Object Signing and Encryption (COSE) and JSON Object Signing and Encryption (JOSE) Registrations for Web Authentication (WebAuthn) Algorithms” to make some algorithms and elliptic curves used by WebAuthn and FIDO2 officially part of COSE and JOSE. The RSA algorithms are used by TPMs. The “secp256k1” curve registered (a.k.a., the Bitcoin curve) is also used in some decentralized identity applications. The completed specification has now been published as RFC 8812.
As described when the registrations recently occurred, the algorithms registered are:
RS256— RSASSA-PKCS1-v1_5 using SHA-256 — new for COSERS384— RSASSA-PKCS1-v1_5 using SHA-384 — new for COSERS512— RSASSA-PKCS1-v1_5 using SHA-512 — new for COSERS1— RSASSA-PKCS1-v1_5 using SHA-1 — new for COSEES256K— ECDSA using secp256k1 curve and SHA-256 — new for COSE and JOSE
The elliptic curves registered are:
secp256k1— SECG secp256k1 curve — new for COSE and JOSE
See them in the IANA COSE Registry and the IANA JOSE Registry.
Leave a Reply
You must be logged in to post a comment.