COSE and JOSE Registrations for WebAuthn Algorithms
Microsoft
mbj@microsoft.com
http://self-issued.info/
Security
COSE Working Group
Cryptography
Digital Signature
Encryption
Internet-Draft
W3C
WebAuthn
FIDO Alliance
FIDO
FIDO2
The W3C Web Authentication (WebAuthn) specification
and the FIDO2 Client to Authenticator Protocol (CTAP) specification
use COSE algorithm identifiers.
This specification registers algorithms in the IANA "COSE Algorithms" registry
that are used by WebAuthn and CTAP implementations that are not already registered.
Also, they are registered in the IANA "JSON Web Signature and Encryption Algorithms" registry,
when not already registered there.
This specification defines how to use several algorithms with
COSE that are used by implementations of the
W3C Web Authentication (WebAuthn)
and FIDO2 Client to Authenticator Protocol (CTAP) specifications.
These algorithms are registered in
the IANA "COSE Algorithms" registry
and also in
the IANA "JSON Web Signature and Encryption Algorithms" registry ,
when not already registered there.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 when, and
only when, they appear in all capitals, as shown here.
The RSASSA-PKCS1-v1_5 signature algorithm is defined in .
The RSASSA-PKCS1-v1_5 signature algorithm is parameterized with a hash function (h).
A key of size 2048 bits or larger MUST be used with these algorithms.
Implementations need to check that the key type is 'RSA' when creating or verifying a signature.
The RSASSA-PKCS1-v1_5 algorithms specified in this document are in the following table.
Name
Value
Hash
Description
RS256
TBD (temporary assignment -257 already in place)
SHA-256
RSASSA-PKCS1-v1_5 w/ SHA-256
RS384
TBD (temporary assignment -258 already in place)
SHA-384
RSASSA-PKCS1-v1_5 w/ SHA-384
RS512
TBD (temporary assignment -259 already in place)
SHA-512
RSASSA-PKCS1-v1_5 w/ SHA-512
RS1
TBD (temporary assignment -65535 already in place)
SHA-1
RSASSA-PKCS1-v1_5 w/ SHA-1
This section defines algorithm encodings and representations enabling the
Standards for Efficient Cryptography Group (SECG) elliptic curve
"secp256k1" to be used for
JSON Object Signing and Encryption (JOSE) and
CBOR Object Signing and Encryption (COSE) messages.
The Standards for Efficient Cryptography Group (SECG) elliptic curve
"secp256k1" is represented in
a JSON Web Key (JWK) using these values:
kty: EC
crv: P-256K
plus x and y values
to represent the curve point for the key.
Other optional values such as alg MAY also be present.
It is represented in a COSE_Key using these values:
kty (1): EC2 (2)
crv (-1): P-256K (TBD - requested assignment 8)
plus x (-2) and y (-3) values
to represent the curve point for the key.
Other optional values such as alg (3) MAY also be present.
The ECDSA signature algorithm is defined in .
Implementations need to check that the key type is EC for JOSE or
EC2 (2) for COSE when creating or verifying a signature.
The ECDSA algorithm specified in this document is:
JOSE Alg Name
COSE Alg Value
Description
ES256K
TBD (requested assignment -43)
ECDSA w/ secp256k1 Curve
This section registers the following values in the
IANA "COSE Algorithms" registry .
Name: RS256
Value: TBD (temporary assignment -257 already in place)
Description: RSASSA-PKCS1-v1_5 w/ SHA-256
Reference: of this document
Recommended: No
Name: RS384
Value: TBD (temporary assignment -258 already in place)
Description: RSASSA-PKCS1-v1_5 w/ SHA-384
Reference: of this document
Recommended: No
Name: RS512
Value: TBD (temporary assignment -259 already in place)
Description: RSASSA-PKCS1-v1_5 w/ SHA-512
Reference: of this document
Recommended: No
Name: RS1
Value: TBD (temporary assignment -65535 already in place)
Description: RSASSA-PKCS1-v1_5 w/ SHA-1
Reference: of this document
Recommended: Deprecated
Name: ES256K
Value: TBD (requested assignment -43)
Description: ECDSA w/ secp256k1 Curve
Reference: of this document
Recommended: Yes
This section registers the following value in the
IANA "COSE Elliptic Curves" registry .
Name: P-256K
Value: TBD (requested assignment 8)
Key Type: EC2
Description: SECG secp256k1 Curve
Change Controller: IESG
Reference: of [[ this specification ]]
Recommended: Yes
This section registers the following value in the
IANA "JSON Web Signature and Encryption Algorithms" registry .
Algorithm Name: ES256K
Algorithm Description: ECDSA w/ secp256k1 Curve
Algorithm Usage Locations: alg
JOSE Implementation Requirements: Optional
Change Controller: IESG
Reference: of [[ this specification ]]
Algorithm Analysis Document(s):
This section registers the following value in the
IANA "JSON Web Key Elliptic Curve" registry .
Curve Name: P-256K
Curve Description: SECG secp256k1 Curve
JOSE Implementation Requirements: Optional
Change Controller: IESG
Specification Document(s): of [[ this specification ]]
The security considerations on key sizes for RSA algorithms
from Section 6.1 of also apply to the RSA algorithms
in this specification.
The security considerations on the use of RSASSA-PKCS1-v1_5 with SHA-2 hash functions
from Section 8.3 of also apply to their use
in this specification.
For that reason, these algorithms are registered as being "Not Recommended".
The security considerations on the use of the SHA-1 hash function
from apply in this specification.
For that reason, the "RS1" algorithm is registered as "Deprecated".
It MUST NOT be used by COSE implementations.
A COSE algorithm identifier for this algorithm is nonetheless being registered
because deployed TPMs continue to use it, and therefore WebAuthn implementations
need a COSE algorithm identifier for "RS1" when TPM attestations using
this algorithm are being represented.
Care should be taken that a secp256k1 key is not mistaken for a P-256 key,
given that their representations are the same
except for the crv value.
The procedures and security considerations described in the
, , and
specifications apply to implementations of this specification.
Digital Signature Standard (DSS)
National Institute of Standards and
Technology (NIST)
SEC 1: Elliptic Curve Cryptography
Standards for Efficient Cryptography Group
SEC 2: Recommended Elliptic Curve Domain Parameters
Standards for Efficient Cryptography Group
Web Authentication: An API for accessing Public Key Credentials - Level 1
Google
balfanz@google.com
Google
aczeskis@google.com
Google
Jeff.Hodges@paypal.com
Mozilla
jc@mozilla.com
Microsoft
mbj@microsoft.com
http://self-issued.info/
Microsoft
akshayku@microsoft.com
Microsoft
huliao@microsoft.com
Nok Nok Labs
rolf@noknok.com
Yubico
emil@yubico.com
Client to Authenticator Protocol (CTAP)
Google
cbrand@google.com
Google
aczeskis@google.com
Yubico
jakob@yubico.com
Microsoft
mbj@microsoft.com
http://self-issued.info/
Microsoft
akshayku@microsoft.com
Nok Nok Labs
rolf@noknok.com
FIDO Alliance
adam@fidoalliance.org
OneSpan
johan.verrept@onespan.com
COSE Algorithms
IANA
COSE Elliptic Curves
IANA
JSON Web Signature and Encryption Algorithms
IANA
JSON Web Key Elliptic Curve
IANA
Thanks to
John Fontana,
Jeff Hodges,
Tony Nadalin,
Jim Schaad,
Göran Selander,
Wendy Seltzer,
Sean Turner,
and
Samuel Weiler
for their roles in registering these algorithm identifiers.
[[ to be removed by the RFC Editor before publication as an RFC ]]
-00
Created the initial working group draft from draft-jones-cose-additional-algorithms-00,
changing only the title, date, and history entry.