multipaz/org.multipaz.cose/Cose/coseSign1Sign

coseSign1Sign

suspend fun coseSign1Sign(signingKey: AsymmetricKey, message: ByteArray, includeMessageInPayload: Boolean, protectedHeaders: Map<CoseLabel, DataItem>, unprotectedHeaders: Map<CoseLabel, DataItem>): CoseSign1

Creates a COSE_Sign1 signature.

By default, the Cose.COSE_LABEL_ALG header is included in the protected header with the algorithm specified in the key. If protectedHeaders already contain Cose.COSE_LABEL_ALG it will not be replaced.

The app can include additional headers, for example if certification is needed, Cose.COSE_LABEL_X5CHAIN can be included in either the unprotected or protected header.

Parameters

signingKey

key to sign with.

message

the data to sign.

includeMessageInPayload

whether to include the message in the COSE_Sign1 payload.

protectedHeaders

the protected headers to include.

unprotectedHeaders

the unprotected headers to include.

suspend fun coseSign1Sign(secureArea: SecureArea, alias: String, message: ByteArray, includeMessageInPayload: Boolean, protectedHeaders: Map<CoseLabel, DataItem>, unprotectedHeaders: Map<CoseLabel, DataItem>, unlockReason: UnlockReason = UnlockReason.Unspecified): CoseSign1

Deprecated

Use SigningKey-based method instead

Creates a COSE_Sign1 signature.

By default, the Cose.COSE_LABEL_ALG header is included in the protected header with the non-fully-defined Algorithm set of the key. For example for a key with Algorithm.ESP256, the value Algorithm.ES256 is included. If protectedHeaders already contain Cose.COSE_LABEL_ALG it will not be replaced.

The app can include additional headers, for example if certification is needed, Cose.COSE_LABEL_X5CHAIN can be included in either the unprotected or protected header.

This function signs with a key in a Secure Area, for signing with a software-based EcPrivateKey, see the other function with the same name but taking a EcPrivateKey instead.

This method remains for compatibility. New code should used AsymmetricKey-based method instead.

Parameters

secureArea

the SecureArea holding the private key.

alias

the alias for the private key to use to sign with.

message

the data to sign.

includeMessageInPayload

whether to include the message in the COSE_Sign1 payload.

protectedHeaders

the protected headers to include.

unprotectedHeaders

the unprotected headers to include.

keyUnlockData

a KeyUnlockData for unlocking the key in the SecureArea.

fun coseSign1Sign(key: EcPrivateKey, dataToSign: ByteArray, includeDataInPayload: Boolean, signatureAlgorithm: Algorithm, protectedHeaders: Map<CoseLabel, DataItem>, unprotectedHeaders: Map<CoseLabel, DataItem>): CoseSign1

Deprecated

Use SigningKey-based method instead

Creates a COSE_Sign1 signature.

By default, no headers are added. Applications likely want to include Cose.COSE_LABEL_ALG in the protected header and if certification is needed, Cose.COSE_LABEL_X5CHAIN in either the unprotected or protected header.

This function signs with a software-based EcPrivateKey, for using a key in a Secure Area see the other function with the same name but taking a SecureArea and alias.

This method remains for compatibility. New code should used AsymmetricKey-based method instead.

Parameters

key

the private key to sign with.

dataToSign

the data to sign.

includeDataInPayload

whether to include the message in the COSE_Sign1 payload.

signatureAlgorithm

the signature algorithm to use.

protectedHeaders

the protected headers to include.

unprotectedHeaders

the unprotected headers to include.