
Implement COSE as signing envelope

Open ianjmcm opened this issue 4 years ago • 6 comments

I'd like to see Notary v2 support CBOR Object Signing and Encryption (COSE) as the signing envelope for content, as it is flexible enough to support all of the Nv2 signing requirements, including IETF draft specs on support for X.509.

Also, COSE has broader alignments across the industry in CoMID/CoSWID, and standards for software manifests and remote attestation including C2PA.

Consider this as an update to Issue #99.

ianjmcm avatar Dec 09 '21 18:12 ianjmcm

COSE is based on CBOR literally, which is more concise and faster than JSON.

Here is a comparison of the encoded structure size (based on RFC 7049 E.6):

+---------------+-------------------------+
| Format        | [1, [2, 3]]             |
+---------------+-------------------------+
| RFC 713       | c2 05 81 c2 02 82 83    |
|               |                         |
| ASN.1 BER     | 30 0b 02 01 01 30 06 02 |
|               | 01 02 02 01 03          |
|               |                         |
| MessagePack   | 92 01 92 02 03          |
|               |                         |
| BSON          | 22 00 00 00 10 30 00 01 |
|               | 00 00 00 04 31 00 13 00 |
|               | 00 00 10 30 00 02 00 00 |
|               | 00 10 31 00 03 00 00 00 |
|               | 00 00                   |
|               |                         |
| UBJSON        | 61 02 42 01 61 02 42 02 |
|               | 42 03                   |
|               |                         |
| CBOR          | 82 01 82 02 03          |
| JSON          | 5b 31 2c 5b 32 2c 33 5d |
|               | 5d                      |
+---------------+-------------------------+

Since CBOR supports byte strings (major type 2) natively, it does not require the base64 encoding family as in JSON. Thus signatures and certificates, which are in binary form, can have smaller sizes in CBOR than in JSON. Therefore, if we do move signature content from a blob to annotations #123, we can have a much smaller manifest.

shizhMSFT avatar Feb 08 '22 09:02 shizhMSFT
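
The size argument in the comment above can be reproduced with a short Go program. This is an added example, not code from the thread, notation-cose or go-cose: the minimal encoder and the names `head`, `Encode` and `Sizes` are illustrative, and the zero-filled 256-byte signature is constructed sample input.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// head appends a CBOR item head: major type in the top 3 bits, then the
// argument (RFC 8949 section 3). Only arguments 0..65535 are handled here.
func head(b []byte, major byte, n int) []byte {
	switch {
	case n < 0 || n > 0xffff:
		panic("argument out of range for this demo")
	case n < 24:
		return append(b, major<<5|byte(n))
	case n <= 0xff:
		return append(b, major<<5|24, byte(n))
	}
	return append(b, major<<5|25, byte(n>>8), byte(n))
}

// Encode appends the CBOR form of v: unsigned ints, byte strings and arrays only.
func Encode(b []byte, v interface{}) []byte {
	switch x := v.(type) {
	case int:
		return head(b, 0, x) // major type 0: unsigned integer
	case []byte:
		return append(head(b, 2, len(x)), x...) // major type 2: raw bytes, no base64
	case []interface{}:
		b = head(b, 4, len(x)) // major type 4: array
		for _, e := range x {
			b = Encode(b, e)
		}
		return b
	}
	panic(fmt.Sprintf("unsupported type %T", v))
}

// Sizes returns the CBOR and JSON lengths of a one-element array holding sig.
func Sizes(sig []byte) (int, int) {
	v := []interface{}{sig}
	j, _ := json.Marshal(v) // encoding/json emits []byte as a base64 string
	return len(Encode(nil, v)), len(j)
}

func main() {
	fmt.Printf("% x\n", Encode(nil, []interface{}{1, []interface{}{2, 3}}))
	fmt.Println(Sizes(make([]byte, 256))) // constructed 256-byte signature
}
```

The first line printed matches the CBOR row of the table; the second shows the base64 overhead JSON adds for the same binary signature.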

Here's the prototype plugin notation-cose for COSE signing and verification.

Using the same key and certificate chain, the COSE signature is much smaller than the JWS signature signing the same content:

  • COSE signature: 1263 bytes
  • JWS signature: 1808 bytes

shizhMSFT avatar Feb 16 '22 05:02 shizhMSFT

For folks to review and provide feedback, a doc comparing COSE with other signing formats. https://docs.google.com/document/d/18YVGA4mq45wfUkWrAqWkymzdHRcXxlwINKXnEp86L0w/edit#

SteveLasker avatar Mar 02 '22 00:03 SteveLasker

COSE work is progressing nicely within the cose branch. Upstream go-cose work is finalizing.

SteveLasker avatar Apr 08 '22 20:04 SteveLasker

The first veraison/go-cose security review is in.

go-cose has also completed an rc.1 release, only pending 1.0.0 based on implementation verifications.

As a result, we'd like to bring this into current work efforts.

SteveLasker avatar Jul 14 '22 15:07 SteveLasker

Thanks for sharing the updates @SteveLasker, I've started looking into the external security review and other details.

gokarnm avatar Jul 19 '22 00:07 gokarnm