Class: Unmagic::Passkeys::WebAuthn::CoseKey

Inherits: Object
Defined in:
lib/unmagic/passkeys/web_authn/cose_key.rb

Overview

Action Pack WebAuthn COSE Key

Parses COSE (CBOR Object Signing and Encryption) public keys as specified in RFC 9053. WebAuthn authenticators return public keys in COSE format, which must be converted to a standard format for signature verification.

Usage

# Decode a COSE key from CBOR bytes (e.g., from authenticator data)
cose_key = Unmagic::Passkeys::WebAuthn::CoseKey.decode(cbor_bytes)

# Convert to OpenSSL key for signature verification
openssl_key = cose_key.to_openssl_key
openssl_key.verify("SHA256", signature, signed_data)

Supported Algorithms

ES256

ECDSA with P-256 curve and SHA-256. The most common algorithm for WebAuthn.

EdDSA

EdDSA with Ed25519 curve. Increasingly supported by modern authenticators.

RS256

RSASSA-PKCS1-v1_5 with SHA-256. Used by some security keys and platforms.

Attributes

key_type

The COSE key type (1 for OKP, 2 for EC2, 3 for RSA).

algorithm

The COSE algorithm identifier (-7 for ES256, -8 for EdDSA, -257 for RS256).

parameters

The full COSE key parameters map, including curve and coordinate data.

Constant Summary

P256_COORDINATE_LENGTH = 32
MINIMUM_RSA_KEY_BITS = 2048

COSE key labels

KEY_TYPE_LABEL = 1
ALGORITHM_LABEL = 3
EC2_CURVE_LABEL = -1
EC2_X_LABEL = -2
EC2_Y_LABEL = -3
RSA_N_LABEL = -1
RSA_E_LABEL = -2
OKP_CURVE_LABEL = -1
OKP_X_LABEL = -2

COSE key types

OKP = 1
EC2 = 2
RSA = 3

COSE algorithms

ES256 = -7
EDDSA = -8
RS256 = -257

COSE EC2 curves

P256 = 1

COSE OKP curves

ED25519 = 6

OpenSSL types

UNCOMPRESSED_POINT_MARKER = 0x04


Constructor Details

#initialize(key_type:, algorithm:, parameters:) ⇒ CoseKey

# File 'lib/unmagic/passkeys/web_authn/cose_key.rb', line 89

def initialize(key_type:, algorithm:, parameters:) # :nodoc:
  @key_type = key_type
  @algorithm = algorithm
  @parameters = parameters
end

Instance Attribute Details

#algorithm ⇒ Object (readonly)

Returns the value of attribute algorithm.

# File 'lib/unmagic/passkeys/web_authn/cose_key.rb', line 72

def algorithm
  @algorithm
end

#key_type ⇒ Object (readonly)

Returns the value of attribute key_type.

# File 'lib/unmagic/passkeys/web_authn/cose_key.rb', line 72

def key_type
  @key_type
end

#parameters ⇒ Object (readonly)

Returns the value of attribute parameters.

# File 'lib/unmagic/passkeys/web_authn/cose_key.rb', line 72

def parameters
  @parameters
end

Class Method Details

.decode(bytes) ⇒ Object

Decodes a COSE key from CBOR-encoded bytes.

cose_key = Unmagic::Passkeys::WebAuthn::CoseKey.decode(cbor_bytes)
cose_key.algorithm # => -7 (ES256)

# File 'lib/unmagic/passkeys/web_authn/cose_key.rb', line 79

def decode(bytes)
  data = Unmagic::Passkeys::WebAuthn::CborDecoder.decode(bytes)
  new(
    key_type: data[KEY_TYPE_LABEL],
    algorithm: data[ALGORITHM_LABEL],
    parameters: data
  )
end

Instance Method Details

#to_openssl_key ⇒ Object

Converts the COSE key to an OpenSSL public key object.

Returns an OpenSSL::PKey::EC for EC2 keys, OpenSSL::PKey::RSA for RSA keys, or an Ed25519 key for OKP keys, suitable for use with OpenSSL::PKey#verify.

Raises UnsupportedKeyTypeError if the key type, algorithm, or curve is not supported.

# File 'lib/unmagic/passkeys/web_authn/cose_key.rb', line 103

def to_openssl_key
  case [ key_type, algorithm ]
  when [ EC2, ES256 ] then build_ec2_es256_key
  when [ OKP, EDDSA ] then build_okp_eddsa_key
  when [ RSA, RS256 ] then build_rsa_rs256_key
  else raise Unmagic::Passkeys::WebAuthn::UnsupportedKeyTypeError, "Unsupported COSE key type/algorithm: #{key_type}/#{algorithm}"
  end
end
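The decode-then-convert flow for an EC2/ES256 key, as an added, self-contained example that is not the gem's code: a minimal CBOR map decoder standing in for CborDecoder, a converter that applies the key-type, algorithm, curve and coordinate-length checks the constants above encode, a hand-encoded COSE key built from a freshly generated P-256 key, and an ECDSA signature round trip. The helper names cbor_item, ec2_es256_to_openssl, sample_cose_ec2 and demo are this example's own.

```ruby
require "openssl"
# Minimal CBOR decoder for what a COSE EC2 key needs (ints, negative ints,
# byte strings up to 255 bytes, maps). Example helper, not the gem's CborDecoder.
def cbor_item(b, i)
  major, info, i = b.getbyte(i) >> 5, b.getbyte(i) & 0x1f, i + 1
  arg = info                                         # small values are inline
  if info == 24 then arg, i = b.getbyte(i), i + 1    # one-byte argument follows
  elsif info > 24 then raise ArgumentError, "unsupported CBOR argument #{info}"
  end
  case major
  when 0 then [arg, i]                     # unsigned integer
  when 1 then [-1 - arg, i]                # negative integer (-7 is 0x26)
  when 2 then [b[i, arg], i + arg]         # byte string
  when 5                                   # map: arg pairs of key, value
    map = {}
    arg.times { k, i = cbor_item(b, i); v, i = cbor_item(b, i); map[k] = v }
    [map, i]
  else raise ArgumentError, "unsupported CBOR major type #{major}"
  end
end

# COSE EC2/ES256 map -> OpenSSL P-256 public key, enforcing kty=2, alg=-7,
# crv=1 and 32-byte coordinates (the checks the class's constants encode).
def ec2_es256_to_openssl(cbor_bytes)
  cose, _ = cbor_item(cbor_bytes.b, 0)
  raise ArgumentError, "unsupported COSE key" unless cose[1] == 2 && cose[3] == -7 && cose[-1] == 1
  x, y = cose[-2], cose[-3]
  raise ArgumentError, "bad coordinate length" unless [x, y].all? { |c| c.bytesize == 32 }
  point = "\x04".b + x + y                 # SEC1 uncompressed point: 0x04 || X || Y
  algo = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::ObjectId("1.2.840.10045.2.1"),    # id-ecPublicKey
                                  OpenSSL::ASN1::ObjectId("1.2.840.10045.3.1.7")]) # prime256v1
  spki = OpenSSL::ASN1::Sequence([algo, OpenSSL::ASN1::BitString(point)])
  OpenSSL::PKey::EC.new(spki.to_der)       # OpenSSL validates the point while decoding
end

# Constructed sample: CBOR for {1: 2, 3: -7, -1: 1, -2: x, -3: y}, encoded by hand
# (0xa5 = map(5), 0x26 = -7, 0x20/0x21/0x22 = -1/-2/-3, 0x58 0x20 = bstr(32)).
def sample_cose_ec2(x, y)
  "\xa5\x01\x02\x03\x26\x20\x01\x21\x58\x20".b + x + "\x22\x58\x20".b + y
end

# Round trip: fresh P-256 key -> COSE bytes -> OpenSSL key -> ECDSA verification.
def demo
  signer = OpenSSL::PKey::EC.generate("prime256v1")
  raw = signer.public_key.to_bn.to_s(2)    # 65 bytes: 0x04 || X || Y
  pub = ec2_es256_to_openssl(sample_cose_ec2(raw[1, 32], raw[33, 32]))
  data = "constructed authenticatorData || SHA-256(clientDataJSON)"
  pub.verify("SHA256", signer.sign("SHA256", data), data)   # => true
end
```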