Installations

npm install cose-js

Pull Requests

Open

8

Total

47

Closed

3

Merged

36

Issues

Open

4

Total

25

Closed

21

Releases

9

v0.9.0

Published on 22 Sept 2023

v0.8.4

Published on 12 Feb 2022

v0.8.3

Published on 19 Dec 2021

v0.8.2

Published on 07 Nov 2021

v0.8.0

Published on 04 Nov 2021

added RSA support

v0.7.0

Published on 27 Sept 2021

View all 9 releases

Developer

erdtman

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

>=12.0

Typescript Support

No

Node Version

17.8.0

NPM Version

8.5.5 Statistics

29 Stars

182 Commits

25 Forks

3 Watching

9 Branches

10 Contributors

Updated on 04 Mar 2024

Languages

JavaScript (100%)

Total Downloads

Cumulative downloads

Total Downloads

468,361

Last day

143.3%

1,292

Compared to previous day

Last week

15.8%

7,854

Compared to previous week

Last month

234%

26,697

Compared to previous month

Last year

-7.6%

159,845

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

6

aes-cbc-mac any-promise cbor elliptic node-hkdf-sync node-rsa

Dev Dependencies

9

ava base64url jsonfile jwk-to-pem live-server npm-run-all nyc semistandard watch

Versions

cose-js

JavaScript implementation of COSE, RFC8152

MAC

1const cose = require('cose-js');
2try {
3  const plaintext = 'Important message!';
4  const headers = {
5    p: { alg: 'SHA-256_64' },
6    u: { kid: 'our-secret' }
7  };
8  const recipent = {
9    key: Buffer.from('231f4c4d4d3051fdc2ec0a3851d5b383', 'hex')
10  };
11  const buf = await cose.mac.create(headers, plaintext, recipent);
12  console.log('MACed message: ' + buf.toString('hex'));
13} catch (error) {
14  console.log(error);
15}

Verify MAC

1const cose = require('cose-js');
2try {
3  const key = Buffer.from('231f4c4d4d3051fdc2ec0a3851d5b383', 'hex');
4  const COSEMessage = Buffer.from('d18443a10104a1044a6f75722d73656372657472496d706f7274616e74206d65737361676521488894981d4aa5d614', 'hex');
5  const buf = await cose.mac.read(COSEMessage, key);
6  console.log('Verified message: ' + buf.toString('utf8'));
7} catch (error) {
8  console.log(error);
9}

Sign

1const cose = require('cose-js');
2try {
3  const plaintext = 'Important message!';
4  const headers = {
5    p: { alg: 'ES256' },
6    u: { kid: '11' }
7  };
8  const signer = {
9    key: {
10      d: Buffer.from('6c1382765aec5358f117733d281c1c7bdc39884d04a45a1e6c67c858bc206c19', 'hex')
11    }
12  };
13  const buf = await cose.sign.create(headers, plaintext, signer);
14  console.log('Signed message: ' + buf.toString('hex'));
15} catch (error) {
16  console.log(error);
17}

Verify Signature

1const cose = require('cose-js');
2try {
3  const verifier = {
4    key: {
5      x: Buffer.from('143329cce7868e416927599cf65a34f3ce2ffda55a7eca69ed8919a394d42f0f', 'hex'),
6      y: Buffer.from('60f7f1a780d8a783bfb7a2dd6b2796e8128dbbcef9d3d168db9529971a36e7b9', 'hex')
7    }
8  };
9  const COSEMessage = Buffer.from('d28443a10126a10442313172496d706f7274616e74206d6573736167652158404c2b6b66dfedc4cfef0f221cf7ac7f95087a4c4245fef0063a0fd4014b670f642d31e26d38345bb4efcdc7ded3083ab4fe71b62a23f766d83785f044b20534f9', 'hex');
10  const buf = await cose.sign.verify(COSEMessage, verifier);
11  console.log('Verified message: ' + buf.toString('utf8'));
12} catch (error) {
13  console.log(error);
14}

Encrypt

1const cose = require('cose-js');
2try {
3  const plaintext = 'Secret message!';
4  const headers = {
5    p: { alg: 'A128GCM' },
6    u: { kid: 'our-secret' }
7  };
8  const recipient = {
9    key: Buffer.from('231f4c4d4d3051fdc2ec0a3851d5b383', 'hex')
10  };
11  const buf = await cose.encrypt.create(headers, plaintext, recipient);
12  console.log('Encrypted message: ' + buf.toString('hex'));
13} catch (error) {
14  console.log(error);
15}

Decrypt

1const cose = require('cose-js');
2try {
3  const key = Buffer.from('231f4c4d4d3051fdc2ec0a3851d5b383', 'hex');
4  const COSEMessage = Buffer.from('d8608443a10101a2044a6f75722d736563726574054c291a40271067ff57b1623c30581f23b663aaf9dfb91c5a39a175118ad7d72d416385b1b610e28b3b3fd824a397818340a040', 'hex');
5  const buf = await cose.encrypt.read(COSEMessage, key);
6  console.log('Protected message: ' + buf.toString('utf8'));
7} catch (error) {
8  console.log(error);
9}

Install

npm install cose-js --save

Test

npm test

No vulnerabilities found.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

10

License

Determines if the project has defined a license.

10

Pinned-Dependencies

Determines if the project has declared and pinned its dependencies.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Dependency-Update-Tool

Determines if the project uses a dependency update tool.

2

Code-Review

Determines if the project requires code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has a CII Best Practices Badge.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

Score

5.9

/10

Last Scanned on 2022-08-15

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More