New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket

@transmute/cose

Package Overview
Dependencies
Maintainers
3
Versions
41
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@transmute/cose

COSE and related work.

  • 0.0.16
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
13
decreased by-75.93%
Maintainers
3
Weekly downloads
 
Created
Source

cose

CI Branches Functions Lines Statements Jest coverage

Questions? Contact Transmute

Usage

npm install '@transmute/cose'
import cose from '@transmute/cose'
const cose = require('@transmute/cose')

Inclusion Proof

const signed_inclusion_proof = await cose.merkle.inclusion_proof({
    alg: signer.alg,
    kid: log_id,
    leaf_index: 2,
    leaves,
    signer,
  })
18(                                 / COSE Single Signer Data Object        /
    [
      h'a2012604...6d706c65',       / Protected header                      /
      {                             / Unprotected header                    /
        100: [                      / Inclusion proofs (2)                  /
          h'83040282...1f487bb1',   / Inclusion proof 1                     /
          h'83040382...1f487bb1',   / Inclusion proof 2                     /
        ]
      },
      h'',                          / Payload                               /
      h'efde9a59...b4cb142b'        / Signature                             /
    ]
)
{                                   / Protected header                      /
  1: -7,                            / Cryptographic algorithm to use        /
  4: h'68747470...6d706c65'         / Key identifier                        /
}
[                                   / Inclusion proof 1                     /
  4,                                / Tree size                             /
  2,                                / Leaf index                            /
  [                                 / Inclusion hashes (2)                  /
     h'a39655d4...d29a968a'         / Intermediate hash 1                   /
     h'57187dff...1f487bb1'         / Intermediate hash 2                   /
  ]
]
[                                   / Inclusion proof 2                     /
  4,                                / Tree size                             /
  3,                                / Leaf index                            /
  [                                 / Inclusion hashes (2)                  /
     h'e7f16481...aab81688'         / Intermediate hash 1                   /
     h'57187dff...1f487bb1'         / Intermediate hash 2                   /
  ]
]

See also :

Setup
import cose from '@transmute/cose'
const signer = await cose.signer({
  privateKeyJwk: {
    kty: 'EC',
    crv: 'P-256',
    alg: 'ES256',
    d: 'o_95vWSheg19YU7viU3PmW_kRIWk14HiVLXDXiZjEL0',
    x: 'LYdh0ITBGLOUpywy0adFxXyaIaQapIEOLgfw7933TRE',
    y: 'I6R3hgQZf2topOWa0VBjEugRgHISJ39LvOlfVX29P0w',
  },
})
const verifier = await cose.verifier({
  publicKeyJwk: {
    kty: 'EC',
    crv: 'P-256',
    alg: 'ES256',
    x: 'LYdh0ITBGLOUpywy0adFxXyaIaQapIEOLgfw7933TRE',
    y: 'I6R3hgQZf2topOWa0VBjEugRgHISJ39LvOlfVX29P0w',
  },
})
Issue Inclusion Proof
const message0 = cose.cbor.encode(0)
const message1 = cose.cbor.encode('1')
const message2 = cose.cbor.encode([2, 2])
const message3 = cose.cbor.encode({ 3: 3 })

const entries = [message0, message1, message2, message3]
const leaves = entries.map(cose.merkle.leaf)
const old_root = await cose.merkle.root({ leaves })

const signed_inclusion_proof = await cose.merkle.inclusion_proof({
  leaf_index: 2,
  leaves,
  signer,
})
Verify Inclusion Proof
const verified_inclusion_proof = await cose.merkle.verify_inclusion_proof({
  leaf: cose.merkle.leaf(entries[2]),
  signed_inclusion_proof,
  verifier,
})
Multi Verify
const verified3 = await cose.merkle.verify_multiple(
  {
    leaves: [cose.merkle.leaf(entries[2]), cose.merkle.leaf(entries[3])],
    signed_inclusion_proof: updated,
    verifier
  }
)
Issue Consistency Proof
const message4 = cose.cbor.encode(['🔥', 4])
const message5 = cose.cbor.encode({ five: '💀' })
const leaves2 = entries.map(cose.merkle.leaf)
const signed_consistency_proof = await cose.merkle.consistency_proof({
  signed_inclusion_proof,
  leaves: leaves2,
  signer,
})
Verify Consistency Proof
const verified = await cose.merkle.verify_consistency_proof({
  old_root,
  signed_consistency_proof,
  verifier,
})

Develop

npm i
npm t
npm run lint
npm run build

FAQs

Package last updated on 16 Oct 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc