cose

package
v0.2.1
Published: Mar 22, 2026 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package cose provides COSE Sign1 signing and verification for Signet tokens. This implementation uses veraison/go-cose for COSE message handling.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type GenericSigner

type GenericSigner[K any] struct {
	// contains filtered or unexported fields
}

GenericSigner implements COSE Sign1 signing. The private key is securely managed and automatically zeroed when Destroy() is called.

CONCURRENCY: GenericSigner is safe for concurrent Sign() calls from multiple goroutines. However, callers MUST externally synchronize Destroy() calls to ensure they happen only after all Sign() operations are complete. Calling Destroy() concurrently with Sign() may result in Sign() operations failing with "signer has been destroyed" errors.

func NewECDSAP256Signer

func NewECDSAP256Signer(privateKey *ecdsa.PrivateKey) (*GenericSigner[*ecdsa.PrivateKey], error)

NewECDSAP256Signer creates a new COSE signer for ECDSA P-256.

func NewEd25519Signer

func NewEd25519Signer(privateKey ed25519.PrivateKey) (*GenericSigner[ed25519.PrivateKey], error)

NewEd25519Signer creates a new COSE signer for Ed25519.

func (*GenericSigner[K]) Destroy

func (s *GenericSigner[K]) Destroy()

Destroy securely zeros the private key in memory. After calling Destroy, the signer cannot be used. Destroy is idempotent: calling it multiple times is safe. SECURITY: The zeroizer is mandatory and will panic if not set.

func (*GenericSigner[K]) Sign

func (s *GenericSigner[K]) Sign(payload []byte) ([]byte, error)

Sign creates a COSE Sign1 message from the payload. Note: nil payloads are rejected, but empty payloads ([]byte{}) are allowed as they represent valid zero-length data to sign.
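The lifecycle contract described above (concurrent Sign calls, a Destroy that zeroes the key and is idempotent, Sign failing once the signer is destroyed, nil payloads rejected but empty ones accepted) as an added, stand-alone model that is not the package's own code. The type name `zeroizingSigner`, the `lifecycle` helper and the use of a read/write mutex are assumptions; the model emits raw Ed25519 signatures and does no COSE_Sign1 encoding.

```go
package main
import (
	"crypto/ed25519"
	"fmt"
	"sync"
)

// zeroizingSigner is a hypothetical model of GenericSigner's documented lifecycle; it emits raw Ed25519 signatures, not COSE_Sign1 messages.
type zeroizingSigner struct {
	mu  sync.RWMutex       // Sign holds the read lock, Destroy the write lock
	key ed25519.PrivateKey // nil once Destroy has run
}

// Sign rejects a nil payload but accepts a zero-length one, as the package documents.
func (s *zeroizingSigner) Sign(payload []byte) ([]byte, error) {
	if payload == nil {
		return nil, fmt.Errorf("payload must not be nil")
	}
	s.mu.RLock()
	defer s.mu.RUnlock()
	if s.key == nil {
		return nil, fmt.Errorf("signer has been destroyed")
	}
	return ed25519.Sign(s.key, payload), nil
}

// Destroy waits for in-flight Sign calls, zeroes the key bytes in place, and is idempotent.
func (s *zeroizingSigner) Destroy() {
	s.mu.Lock()
	defer s.mu.Unlock()
	for i := range s.key { // zero iterations on a repeated call
		s.key[i] = 0
	}
	s.key = nil
}

// lifecycle runs sign -> verify -> destroy -> sign and reports both outcomes.
func lifecycle(payload []byte) (verified bool, afterDestroy error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	s := &zeroizingSigner{key: priv}
	sig, err := s.Sign(payload)
	verified = err == nil && ed25519.Verify(pub, payload, sig)
	s.Destroy()
	_, afterDestroy = s.Sign(payload)
	return verified, afterDestroy
}

func main() {
	fmt.Println(lifecycle([]byte("signet token payload"))) // true signer has been destroyed
}
```

Because Destroy overwrites the slice's backing array, any other reference to the same key bytes (such as the `priv` value returned by GenerateKey) is zeroed too, which is the behaviour a caller relies on when Destroy is called only after all Sign operations have completed.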

type GenericVerifier

type GenericVerifier[K any] struct {
	// contains filtered or unexported fields
}

GenericVerifier implements COSE Sign1 verification. Verifiers are safe for concurrent use.

func NewECDSAP256Verifier

func NewECDSAP256Verifier(publicKey *ecdsa.PublicKey) (*GenericVerifier[*ecdsa.PublicKey], error)

NewECDSAP256Verifier creates a new COSE verifier for ECDSA P-256.

func NewEd25519Verifier

func NewEd25519Verifier(publicKey ed25519.PublicKey) (*GenericVerifier[ed25519.PublicKey], error)

NewEd25519Verifier creates a new COSE verifier for Ed25519.

func (*GenericVerifier[K]) Verify

func (v *GenericVerifier[K]) Verify(coseSign1 []byte) ([]byte, error)

Verify verifies a COSE Sign1 message and returns the payload.

type Signer

type Signer interface {
	Sign(payload []byte) ([]byte, error)
	Destroy()
}

Signer interface for COSE signing with lifecycle management. All implementations must support secure destruction of cryptographic material.

func NewSigner

func NewSigner(privateKey interface{}, algorithm string) (Signer, error)

NewSigner creates a new COSE signer for the given private key and algorithm.

type Verifier

type Verifier interface {
	// Verify verifies a COSE Sign1 message and returns the payload
	Verify(coseSign1 []byte) (payload []byte, err error)
}

Verifier is the interface for COSE verification.

func NewVerifier

func NewVerifier(publicKey interface{}) (Verifier, error)

NewVerifier creates a new COSE verifier for the given public key.
