@enbox/crypto 0.0.4 → 0.0.6

package/dist/esm/cose/eat.js

@@ -0,0 +1,254 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { Cbor } from './cbor.js';
+import { CoseSign1 } from './cose-sign1.js';
+import { CryptoError, CryptoErrorCode } from '../crypto-error.js';
+/**
+ * EAT (Entity Attestation Token) claim key constants.
+ *
+ * EAT reuses CWT registered claim keys and adds attestation-specific claims.
+ *
+ * @see {@link https://www.rfc-editor.org/rfc/rfc9711 | RFC 9711 — Entity Attestation Token (EAT)}
+ * @see {@link https://www.rfc-editor.org/rfc/rfc8392 | RFC 8392 — CWT (CBOR Web Token)}
+ */
+export var EatClaimKey;
+(function (EatClaimKey) {
+    /** Issuer (iss) — RFC 8392 */
+    EatClaimKey[EatClaimKey["Iss"] = 1] = "Iss";
+    /** Subject (sub) — RFC 8392 */
+    EatClaimKey[EatClaimKey["Sub"] = 2] = "Sub";
+    /** Audience (aud) — RFC 8392 */
+    EatClaimKey[EatClaimKey["Aud"] = 3] = "Aud";
+    /** Expiration Time (exp) — RFC 8392 */
+    EatClaimKey[EatClaimKey["Exp"] = 4] = "Exp";
+    /** Not Before (nbf) — RFC 8392 */
+    EatClaimKey[EatClaimKey["Nbf"] = 5] = "Nbf";
+    /** Issued At (iat) — RFC 8392 */
+    EatClaimKey[EatClaimKey["Iat"] = 6] = "Iat";
+    /** CWT ID (cti) — RFC 8392 */
+    EatClaimKey[EatClaimKey["Cti"] = 7] = "Cti";
+    /** Nonce (eat_nonce) — RFC 9711, Section 4.1 */
+    EatClaimKey[EatClaimKey["Nonce"] = 10] = "Nonce";
+    /** UEID (Universal Entity ID) — RFC 9711, Section 4.2.1 */
+    EatClaimKey[EatClaimKey["Ueid"] = 256] = "Ueid";
+    /** SUEIDs (Semi-permanent UEIDs) — RFC 9711, Section 4.2.2 */
+    EatClaimKey[EatClaimKey["Sueids"] = 257] = "Sueids";
+    /** OEM ID (Hardware OEM Identification) — RFC 9711, Section 4.2.3 */
+    EatClaimKey[EatClaimKey["Oemid"] = 258] = "Oemid";
+    /** Hardware Model — RFC 9711, Section 4.2.4 */
+    EatClaimKey[EatClaimKey["Hwmodel"] = 259] = "Hwmodel";
+    /** Hardware Version — RFC 9711, Section 4.2.5 */
+    EatClaimKey[EatClaimKey["Hwversion"] = 260] = "Hwversion";
+    /** Secure Boot — RFC 9711, Section 4.2.7 */
+    EatClaimKey[EatClaimKey["Secboot"] = 262] = "Secboot";
+    /** Debug Status — RFC 9711, Section 4.2.8 */
+    EatClaimKey[EatClaimKey["Dbgstat"] = 263] = "Dbgstat";
+    /** Location — RFC 9711, Section 4.2.9 */
+    EatClaimKey[EatClaimKey["Location"] = 264] = "Location";
+    /** Profile — RFC 9711, Section 4.2.10 */
+    EatClaimKey[EatClaimKey["Profile"] = 265] = "Profile";
+    /** Submods (Submodules) — RFC 9711, Section 4.2.18 */
+    EatClaimKey[EatClaimKey["Submods"] = 266] = "Submods";
+    /** Measurement Results — RFC 9711, Section 4.2.15 */
+    EatClaimKey[EatClaimKey["Measres"] = 272] = "Measres";
+    /** Intended Use — RFC 9711, Section 4.2.14 */
+    EatClaimKey[EatClaimKey["Intuse"] = 268] = "Intuse";
+})(EatClaimKey || (EatClaimKey = {}));
+/**
+ * Debug status values for the `dbgstat` claim.
+ *
+ * @see {@link https://www.rfc-editor.org/rfc/rfc9711#section-4.2.8 | RFC 9711, Section 4.2.8}
+ */
+export var EatDebugStatus;
+(function (EatDebugStatus) {
+    /** Debug is enabled */
+    EatDebugStatus[EatDebugStatus["Enabled"] = 0] = "Enabled";
+    /** Debug is disabled */
+    EatDebugStatus[EatDebugStatus["Disabled"] = 1] = "Disabled";
+    /** Debug is disabled since manufacture */
+    EatDebugStatus[EatDebugStatus["DisabledSinceBoot"] = 2] = "DisabledSinceBoot";
+    /** Debug is disabled permanently */
+    EatDebugStatus[EatDebugStatus["DisabledPermanently"] = 3] = "DisabledPermanently";
+    /** Debug is disabled fully and permanently */
+    EatDebugStatus[EatDebugStatus["DisabledFullyAndPermanently"] = 4] = "DisabledFullyAndPermanently";
+})(EatDebugStatus || (EatDebugStatus = {}));
+/**
+ * Security level for the `seclevel` claim.
+ *
+ * @see {@link https://www.rfc-editor.org/rfc/rfc9711#section-4.2.6 | RFC 9711, Section 4.2.6}
+ */
+export var EatSecurityLevel;
+(function (EatSecurityLevel) {
+    /** Unrestricted — no security guarantees */
+    EatSecurityLevel[EatSecurityLevel["Unrestricted"] = 1] = "Unrestricted";
+    /** Restricted — some restrictions on environment */
+    EatSecurityLevel[EatSecurityLevel["Restricted"] = 2] = "Restricted";
+    /** Secure Restricted — hardware-enforced restrictions */
+    EatSecurityLevel[EatSecurityLevel["SecureRestricted"] = 3] = "SecureRestricted";
+    /** Hardware — hardware-isolated execution environment */
+    EatSecurityLevel[EatSecurityLevel["Hardware"] = 4] = "Hardware";
+})(EatSecurityLevel || (EatSecurityLevel = {}));
+/**
+ * Entity Attestation Token (EAT) implementation per RFC 9711.
+ *
+ * EATs are CBOR-based attestation tokens carried in COSE_Sign1 envelopes.
+ * They are used by TEE platforms (ARM CCA, Intel TDX, AMD SEV-SNP, Nitro Enclaves)
+ * to provide hardware-rooted attestation evidence.
+ *
+ * This implementation focuses on decoding and verification of EAT tokens — the
+ * primary use case for a DWN node that needs to verify TEE attestation from
+ * compute modules.
+ *
+ * @see {@link https://www.rfc-editor.org/rfc/rfc9711 | RFC 9711 — Entity Attestation Token (EAT)}
+ */
+export class Eat {
+    /**
+     * Decodes an EAT token without verifying its signature.
+     *
+     * Use this method only when signature verification is performed separately
+     * (e.g., by a TEE attestation service) or for debugging/inspection.
+     *
+     * @param params - The parameters for decoding.
+     * @returns The decoded protected header and claims.
+     * @throws {CryptoError} If the token is not valid COSE_Sign1 or the payload is not valid CBOR.
+     */
+    static decode({ token }) {
+        // Decode the COSE_Sign1 envelope.
+        const coseSign1 = CoseSign1.decode(token);
+        if (coseSign1.payload === null) {
+            throw new CryptoError(CryptoErrorCode.InvalidEat, 'Eat: token has detached payload; use verifyAndDecode with the payload provided separately');
+        }
+        // Decode the CBOR payload into claims.
+        const claims = Eat.parseClaims(coseSign1.payload);
+        return {
+            protectedHeader: coseSign1.protectedHeader,
+            claims,
+        };
+    }
+    /**
+     * Verifies the signature of an EAT token and decodes its claims.
+     *
+     * This is the primary method for processing EAT tokens from TEE attestation.
+     * It verifies the COSE_Sign1 signature using the provided public key, then
+     * parses the EAT claims from the payload.
+     *
+     * @param params - The parameters for verification and decoding.
+     * @returns The decoded protected header and claims if verification succeeds.
+     * @throws {CryptoError} If verification fails or the token is malformed.
+     */
+    static verifyAndDecode(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { token, key, externalAad } = params;
+            // Verify the COSE_Sign1 signature.
+            const isValid = yield CoseSign1.verify({
+                coseSign1: token,
+                key,
+                externalAad,
+            });
+            if (!isValid) {
+                throw new CryptoError(CryptoErrorCode.InvalidEat, 'Eat: signature verification failed');
+            }
+            // Decode and return claims (signature is already verified).
+            return Eat.decode({ token });
+        });
+    }
+    /**
+     * Parses CBOR-encoded EAT claims into a typed {@link EatClaims} object.
+     *
+     * Handles both integer-keyed (CBOR standard) and string-keyed claims.
+     *
+     * @param payload - The CBOR-encoded claims byte string.
+     * @returns The parsed EAT claims.
+     * @throws {CryptoError} If the payload is not valid CBOR or not a map.
+     */
+    static parseClaims(payload) {
+        let rawClaims;
+        try {
+            const decoded = Cbor.decode(payload);
+            if (decoded instanceof Map) {
+                rawClaims = decoded;
+            }
+            else if (typeof decoded === 'object' && decoded !== null) {
+                // Some encoders produce plain objects instead of Maps for maps with string keys.
+                rawClaims = new Map(Object.entries(decoded));
+            }
+            else {
+                throw new Error('not a map');
+            }
+        }
+        catch (error) {
+            if (error instanceof CryptoError) {
+                throw error;
+            }
+            throw new CryptoError(CryptoErrorCode.InvalidEat, 'Eat: payload is not a valid CBOR map');
+        }
+        const claims = { rawClaims };
+        // Extract standard CWT claims.
+        const iss = rawClaims.get(EatClaimKey.Iss);
+        if (iss !== undefined) {
+            claims.iss = iss;
+        }
+        const sub = rawClaims.get(EatClaimKey.Sub);
+        if (sub !== undefined) {
+            claims.sub = sub;
+        }
+        const aud = rawClaims.get(EatClaimKey.Aud);
+        if (aud !== undefined) {
+            claims.aud = aud;
+        }
+        const exp = rawClaims.get(EatClaimKey.Exp);
+        if (exp !== undefined) {
+            claims.exp = exp;
+        }
+        const nbf = rawClaims.get(EatClaimKey.Nbf);
+        if (nbf !== undefined) {
+            claims.nbf = nbf;
+        }
+        const iat = rawClaims.get(EatClaimKey.Iat);
+        if (iat !== undefined) {
+            claims.iat = iat;
+        }
+        const cti = rawClaims.get(EatClaimKey.Cti);
+        if (cti !== undefined) {
+            claims.cti = cti;
+        }
+        // Extract EAT-specific claims.
+        const nonce = rawClaims.get(EatClaimKey.Nonce);
+        if (nonce !== undefined) {
+            claims.nonce = nonce;
+        }
+        const ueid = rawClaims.get(EatClaimKey.Ueid);
+        if (ueid !== undefined) {
+            claims.ueid = ueid;
+        }
+        const hwmodel = rawClaims.get(EatClaimKey.Hwmodel);
+        if (hwmodel !== undefined) {
+            claims.hwmodel = hwmodel;
+        }
+        const hwversion = rawClaims.get(EatClaimKey.Hwversion);
+        if (hwversion !== undefined) {
+            claims.hwversion = hwversion;
+        }
+        const dbgstat = rawClaims.get(EatClaimKey.Dbgstat);
+        if (dbgstat !== undefined) {
+            claims.dbgstat = dbgstat;
+        }
+        const measres = rawClaims.get(EatClaimKey.Measres);
+        if (measres !== undefined) {
+            claims.measres = measres;
+        }
+        const submods = rawClaims.get(EatClaimKey.Submods);
+        if (submods !== undefined) {
+            claims.submods = submods;
+        }
+        return claims;
+    }
+}
+//# sourceMappingURL=eat.js.map

package/dist/esm/cose/eat.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"eat.js","sourceRoot":"","sources":["../../../src/cose/eat.ts"],"names":[],"mappings":";;;;;;;;;AAGA,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAElE;;;;;;;GAOG;AACH,MAAM,CAAN,IAAY,WAyCX;AAzCD,WAAY,WAAW;IACrB,8BAA8B;IAC9B,2CAAO,CAAA;IACP,+BAA+B;IAC/B,2CAAO,CAAA;IACP,gCAAgC;IAChC,2CAAO,CAAA;IACP,uCAAuC;IACvC,2CAAO,CAAA;IACP,kCAAkC;IAClC,2CAAO,CAAA;IACP,iCAAiC;IACjC,2CAAO,CAAA;IACP,8BAA8B;IAC9B,2CAAO,CAAA;IACP,gDAAgD;IAChD,gDAAU,CAAA;IACV,2DAA2D;IAC3D,+CAAU,CAAA;IACV,8DAA8D;IAC9D,mDAAY,CAAA;IACZ,qEAAqE;IACrE,iDAAW,CAAA;IACX,+CAA+C;IAC/C,qDAAa,CAAA;IACb,iDAAiD;IACjD,yDAAe,CAAA;IACf,4CAA4C;IAC5C,qDAAa,CAAA;IACb,6CAA6C;IAC7C,qDAAa,CAAA;IACb,yCAAyC;IACzC,uDAAc,CAAA;IACd,yCAAyC;IACzC,qDAAa,CAAA;IACb,sDAAsD;IACtD,qDAAa,CAAA;IACb,qDAAqD;IACrD,qDAAa,CAAA;IACb,8CAA8C;IAC9C,mDAAY,CAAA;AACd,CAAC,EAzCW,WAAW,KAAX,WAAW,QAyCtB;AAED;;;;GAIG;AACH,MAAM,CAAN,IAAY,cAWX;AAXD,WAAY,cAAc;IACxB,uBAAuB;IACvB,yDAAW,CAAA;IACX,wBAAwB;IACxB,2DAAY,CAAA;IACZ,0CAA0C;IAC1C,6EAAqB,CAAA;IACrB,oCAAoC;IACpC,iFAAuB,CAAA;IACvB,8CAA8C;IAC9C,iGAA+B,CAAA;AACjC,CAAC,EAXW,cAAc,KAAd,cAAc,QAWzB;AAED;;;;GAIG;AACH,MAAM,CAAN,IAAY,gBASX;AATD,WAAY,gBAAgB;IAC1B,4CAA4C;IAC5C,uEAAgB,CAAA;IAChB,oDAAoD;IACpD,mEAAc,CAAA;IACd,yDAAyD;IACzD,+EAAoB,CAAA;IACpB,yDAAyD;IACzD,+DAAY,CAAA;AACd,CAAC,EATW,gBAAgB,KAAhB,gBAAgB,QAS3B;AA6FD;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,GAAG;IACd;;;;;;;;;OASG;IACI,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,EAAmB;QAC7C,kCAAkC;QAClC,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE1C,IAAI,SAAS,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;YAC/B,MAAM,IAAI,WAAW,CACnB,eAAe,CAAC,UAAU,EAC1B,2FAA2F,CAC5F,CAAC;QACJ,CAAC;QAED,uCAAuC;QACvC,MAAM,MAAM,GAAG,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAElD,OAAO;YACL,eAAe,EAAE,SAAS,CAAC,eAAe;YAC1C,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;;;;;;;;;OAUG;IACI,MAAM,CAAO,eAAe,CAAC,MAAuB;;YACzD,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,WAAW,EAAE,GAAG,MAAM,CAAC;YAE3C,mCAAmC;YACnC,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC;gBACrC,SAAS,EAAE,KAAK;gBAChB,GAAG;gBACH,WAAW;aACZ,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,WAAW,CACnB,eAAe,CAAC,UAAU,EAC1B,oCAAoC,CACrC,CAAC;YACJ,CAAC;YAED,4DAA4D;YAC5D,OAAO,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/B,CAAC;KAAA;IAED;;;;;;;;OAQG;IACK,MAAM,CAAC,WAAW,CAAC,OAAmB;QAC5C,IAAI,SAAwC,CAAC;QAE7C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAU,OAAO,CAAC,CAAC;YAC9C,IAAI,OAAO,YAAY,GAAG,EAAE,CAAC;gBAC3B,SAAS,GAAG,OAAwC,CAAC;YACvD,CAAC;iBAAM,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBAC3D,iFAAiF;gBACjF,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;YAC/C,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;gBACjC,MAAM,KAAK,CAAC;YACd,CAAC;YACD,MAAM,IAAI,WAAW,CACnB,eAAe,CAAC,UAAU,EAC1B,sCAAsC,CACvC,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAc,EAAE,SAAS,EAAE,CAAC;QAExC,+BAA+B;QAC/B,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,CAAC,GAAG,GAAG,GAAa,CAAC;QAC7B,CAAC;QAED,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,CAAC,GAAG,GAAG,GAAa,CAAC;QAC7B,CAAC;QAED,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,CAAC,GAAG,GAAG,GAAa,CAAC;QAC7B,CAAC;QAED,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,CAAC,GAAG,GAAG,GAAa,CAAC;QAC7B,CAAC;QAED,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,CAAC,GAAG,GAAG,GAAa,CAAC;QAC7B,CAAC;QAED,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,CAAC,GAAG,GAAG,GAAa,CAAC;QAC7B,CAAC;QAED,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,CAAC,GAAG,GAAG,GAAiB,CAAC;QACjC,CAAC;QAED,+BAA+B;QAC/B,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,MAAM,CAAC,KAAK,GAAG,KAAkC,CAAC;QACpD,CAAC;QAED,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,MAAM,CAAC,IAAI,GAAG,IAAkB,CAAC;QACnC,CAAC;QAED,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACnD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,CAAC,OAAO,GAAG,OAAqB,CAAC;QACzC,CAAC;QAED,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACvD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC;QAC/B,CAAC;QAED,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACnD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,CAAC,OAAO,GAAG,OAAyB,CAAC;QAC7C,CAAC;QAED,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACnD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC;QAC3B,CAAC;QAED,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACnD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,CAAC,OAAO,GAAG,OAA+B,CAAC;QACnD,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/dist/esm/crypto-error.js

@@ -31,6 +31,10 @@ export var CryptoErrorCode;
     CryptoErrorCode["AlgorithmNotSupported"] = "algorithmNotSupported";
     /** The encoding operation (either encoding or decoding) failed. */
     CryptoErrorCode["EncodingError"] = "encodingError";
+    /** The COSE_Sign1 message does not conform to valid structure. */
+    CryptoErrorCode["InvalidCoseSign1"] = "invalidCoseSign1";
+    /** The EAT (Entity Attestation Token) is malformed or failed verification. */
+    CryptoErrorCode["InvalidEat"] = "invalidEat";
     /** The JWE supplied does not conform to valid syntax. */
     CryptoErrorCode["InvalidJwe"] = "invalidJwe";
     /** The JWK supplied does not conform to valid syntax. */

package/dist/esm/crypto-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"crypto-error.js","sourceRoot":"","sources":["../../src/crypto-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpC;;;;;OAKG;IACH,YAAmB,IAAqB,EAAE,OAAe;QACvD,KAAK,CAAC,OAAO,CAAC,CAAC;QADE,SAAI,GAAJ,IAAI,CAAiB;QAEtC,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;QAE1B,8FAA8F;QAC9F,4FAA4F;QAC5F,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAElD,2EAA2E;QAC3E,kEAAkE;QAClE,IAAI,KAAK,CAAC,iBAAiB,EAAE,CAAC;YAC5B,KAAK,CAAC,iBAAiB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAN,IAAY,eAeX;AAfD,WAAY,eAAe;IACzB,gFAAgF;IAChF,kEAA+C,CAAA;IAE/C,mEAAmE;IACnE,kDAA+B,CAAA;IAE/B,yDAAyD;IACzD,4CAAyB,CAAA;IAEzB,yDAAyD;IACzD,4CAAyB,CAAA;IAEzB,sEAAsE;IACtE,kEAA+C,CAAA;AACjD,CAAC,EAfW,eAAe,KAAf,eAAe,QAe1B"}
+{"version":3,"file":"crypto-error.js","sourceRoot":"","sources":["../../src/crypto-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpC;;;;;OAKG;IACH,YAAmB,IAAqB,EAAE,OAAe;QACvD,KAAK,CAAC,OAAO,CAAC,CAAC;QADE,SAAI,GAAJ,IAAI,CAAiB;QAEtC,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;QAE1B,8FAA8F;QAC9F,4FAA4F;QAC5F,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAElD,2EAA2E;QAC3E,kEAAkE;QAClE,IAAI,KAAK,CAAC,iBAAiB,EAAE,CAAC;YAC5B,KAAK,CAAC,iBAAiB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAN,IAAY,eAqBX;AArBD,WAAY,eAAe;IACzB,gFAAgF;IAChF,kEAA+C,CAAA;IAE/C,mEAAmE;IACnE,kDAA+B,CAAA;IAE/B,kEAAkE;IAClE,wDAAqC,CAAA;IAErC,8EAA8E;IAC9E,4CAAyB,CAAA;IAEzB,yDAAyD;IACzD,4CAAyB,CAAA;IAEzB,yDAAyD;IACzD,4CAAyB,CAAA;IAEzB,sEAAsE;IACtE,kEAA+C,CAAA;AACjD,CAAC,EArBW,eAAe,KAAf,eAAe,QAqB1B"}

package/dist/esm/index.js

@@ -1,6 +1,10 @@
 export * from './crypto-error.js';
 export * from './local-key-manager.js';
 export * from './utils.js';
+export * from './cose/cbor.js';
+export * from './cose/cose-key.js';
+export * from './cose/cose-sign1.js';
+export * from './cose/eat.js';
 export * from './algorithms/aes-ctr.js';
 export * from './algorithms/aes-gcm.js';
 export * from './algorithms/aes-kw.js';

package/dist/esm/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC;AACvC,cAAc,YAAY,CAAC;AAE3B,cAAc,yBAAyB,CAAC;AACxC,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC;AACvC,cAAc,kCAAkC,CAAC;AACjD,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AACvC,cAAc,uBAAuB,CAAC;AACtC,cAAc,wBAAwB,CAAC;AAEvC,cAAc,eAAe,CAAC;AAC9B,cAAc,eAAe,CAAC;AAC9B,cAAc,eAAe,CAAC;AAC9B,cAAc,eAAe,CAAC;AAC9B,cAAc,iBAAiB,CAAC;AAEhC,cAAc,yBAAyB,CAAC;AACxC,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC;AACvC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,iCAAiC,CAAC;AAChD,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,wBAAwB,CAAC;AACvC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,wBAAwB,CAAC;AACvC,cAAc,wBAAwB,CAAC;AACvC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,oCAAoC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC;AACvC,cAAc,YAAY,CAAC;AAE3B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,oBAAoB,CAAC;AACnC,cAAc,sBAAsB,CAAC;AACrC,cAAc,eAAe,CAAC;AAE9B,cAAc,yBAAyB,CAAC;AACxC,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC;AACvC,cAAc,kCAAkC,CAAC;AACjD,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AACvC,cAAc,uBAAuB,CAAC;AACtC,cAAc,wBAAwB,CAAC;AAEvC,cAAc,eAAe,CAAC;AAC9B,cAAc,eAAe,CAAC;AAC9B,cAAc,eAAe,CAAC;AAC9B,cAAc,eAAe,CAAC;AAC9B,cAAc,iBAAiB,CAAC;AAEhC,cAAc,yBAAyB,CAAC;AACxC,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC;AACvC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,iCAAiC,CAAC;AAChD,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,wBAAwB,CAAC;AACvC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,wBAAwB,CAAC;AACvC,cAAc,wBAAwB,CAAC;AACvC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,oCAAoC,CAAC"}

package/dist/types/cose/cbor.d.ts

@@ -0,0 +1,30 @@
+/**
+ * CBOR (Concise Binary Object Representation) encoding and decoding utilities.
+ *
+ * Provides a thin wrapper around the `cborg` library, exposing `encode` and `decode`
+ * operations for use by COSE and EAT implementations.
+ *
+ * @see {@link https://www.rfc-editor.org/rfc/rfc8949 | RFC 8949 — CBOR}
+ */
+export declare class Cbor {
+    /**
+     * Encodes a JavaScript value to a CBOR byte string.
+     *
+     * @param value - The value to encode. Supports objects, arrays, strings, numbers,
+     *   booleans, null, undefined, Uint8Array (encoded as CBOR byte string), and Map.
+     * @returns The CBOR-encoded bytes.
+     */
+    static encode(value: unknown): Uint8Array;
+    /**
+     * Decodes a CBOR byte string to a JavaScript value.
+     *
+     * CBOR maps are decoded as JavaScript `Map` instances to support integer keys,
+     * which is required by COSE (RFC 9052) and EAT (RFC 9711).
+     *
+     * @param data - The CBOR-encoded bytes to decode.
+     * @returns The decoded JavaScript value.
+     * @throws If the input is not valid CBOR.
+     */
+    static decode<T = unknown>(data: Uint8Array): T;
+}
+//# sourceMappingURL=cbor.d.ts.map

package/dist/types/cose/cbor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cbor.d.ts","sourceRoot":"","sources":["../../../src/cose/cbor.ts"],"names":[],"mappings":"AAEA;;;;;;;GAOG;AACH,qBAAa,IAAI;IACf;;;;;;OAMG;WACW,MAAM,CAAC,KAAK,EAAE,OAAO,GAAG,UAAU;IAIhD;;;;;;;;;OASG;WACW,MAAM,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,UAAU,GAAG,CAAC;CAGvD"}

package/dist/types/cose/cose-key.d.ts

@@ -0,0 +1,106 @@
+import type { Jwk } from '../jose/jwk.js';
+/**
+ * COSE Key Type values (RFC 9052, Section 7).
+ *
+ * @see {@link https://www.iana.org/assignments/cose/cose.xhtml#key-type | IANA COSE Key Types}
+ */
+export declare enum CoseKeyType {
+    /** Octet Key Pair (e.g., Ed25519, X25519) */
+    OKP = 1,
+    /** Elliptic Curve (e.g., P-256, P-384, P-521) */
+    EC2 = 2,
+    /** Symmetric key */
+    Symmetric = 4
+}
+/**
+ * COSE Elliptic Curve identifiers (RFC 9053, Section 7.1).
+ *
+ * @see {@link https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves | IANA COSE Elliptic Curves}
+ */
+export declare enum CoseEllipticCurve {
+    /** NIST P-256 (secp256r1) */
+    P256 = 1,
+    /** NIST P-384 (secp384r1) */
+    P384 = 2,
+    /** NIST P-521 (secp521r1) */
+    P521 = 3,
+    /** X25519 for ECDH */
+    X25519 = 4,
+    /** X448 for ECDH */
+    X448 = 5,
+    /** Ed25519 for EdDSA */
+    Ed25519 = 6,
+    /** Ed448 for EdDSA */
+    Ed448 = 7,
+    /** secp256k1 */
+    Secp256k1 = 8
+}
+/**
+ * COSE Algorithm identifiers (RFC 9053).
+ *
+ * Only includes algorithms relevant to Enbox confidential compute.
+ *
+ * @see {@link https://www.iana.org/assignments/cose/cose.xhtml#algorithms | IANA COSE Algorithms}
+ */
+export declare enum CoseAlgorithm {
+    /** EdDSA (Ed25519 or Ed448) */
+    EdDSA = -8,
+    /** ECDSA with SHA-256 (P-256) */
+    ES256 = -7,
+    /** ECDSA with SHA-384 (P-384) */
+    ES384 = -35,
+    /** ECDSA with SHA-512 (P-521) */
+    ES512 = -36,
+    /** ECDSA with SHA-256 (secp256k1) */
+    ES256K = -47
+}
+/**
+ * Utilities for converting between JWK and COSE key representations.
+ *
+ * COSE keys use integer labels and CBOR encoding, while JWK uses string
+ * property names and JSON. This class provides bidirectional conversion.
+ *
+ * @see {@link https://www.rfc-editor.org/rfc/rfc9052#section-7 | RFC 9052, Section 7}
+ */
+export declare class CoseKey {
+    /**
+     * Converts a JWK to a COSE key represented as a Map.
+     *
+     * @param jwk - The JWK to convert.
+     * @returns A Map with integer labels as keys, suitable for CBOR encoding.
+     * @throws {CryptoError} If the JWK key type or curve is not supported.
+     */
+    static fromJwk(jwk: Jwk): Map<number, unknown>;
+    /**
+     * Converts a COSE key Map to a JWK.
+     *
+     * @param coseKey - A Map with integer labels as keys (from CBOR decoding).
+     * @returns The equivalent JWK.
+     * @throws {CryptoError} If the COSE key type or curve is not supported.
+     */
+    static toJwk(coseKey: Map<number, unknown>): Jwk;
+    /**
+     * Infers the COSE algorithm identifier from a JWK.
+     *
+     * If the JWK has an `alg` field, it is used directly. Otherwise, the algorithm
+     * is inferred from the key type and curve.
+     *
+     * @param jwk - The JWK to infer the algorithm from.
+     * @returns The COSE algorithm identifier.
+     * @throws {CryptoError} If the algorithm cannot be determined.
+     */
+    static algorithmFromJwk(jwk: Jwk): CoseAlgorithm;
+    /**
+     * Maps a COSE algorithm identifier to a JWK algorithm name.
+     *
+     * @param alg - The COSE algorithm identifier.
+     * @returns The JWK algorithm name.
+     * @throws {CryptoError} If the algorithm is not supported.
+     */
+    static algorithmToJwk(alg: CoseAlgorithm): string;
+    /**
+     * Applies common COSE key fields (kid, alg) to a JWK.
+     */
+    private static applyCommonFields;
+}
+//# sourceMappingURL=cose-key.d.ts.map

package/dist/types/cose/cose-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cose-key.d.ts","sourceRoot":"","sources":["../../../src/cose/cose-key.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAM1C;;;;GAIG;AACH,oBAAY,WAAW;IACrB,6CAA6C;IAC7C,GAAG,IAAI;IACP,iDAAiD;IACjD,GAAG,IAAI;IACP,oBAAoB;IACpB,SAAS,IAAI;CACd;AAED;;;;GAIG;AACH,oBAAY,iBAAiB;IAC3B,6BAA6B;IAC7B,IAAI,IAAI;IACR,6BAA6B;IAC7B,IAAI,IAAI;IACR,6BAA6B;IAC7B,IAAI,IAAI;IACR,sBAAsB;IACtB,MAAM,IAAI;IACV,oBAAoB;IACpB,IAAI,IAAI;IACR,wBAAwB;IACxB,OAAO,IAAI;IACX,sBAAsB;IACtB,KAAK,IAAI;IACT,gBAAgB;IAChB,SAAS,IAAI;CACd;AAED;;;;;;GAMG;AACH,oBAAY,aAAa;IACvB,+BAA+B;IAC/B,KAAK,KAAK;IACV,iCAAiC;IACjC,KAAK,KAAK;IACV,iCAAiC;IACjC,KAAK,MAAM;IACX,iCAAiC;IACjC,KAAK,MAAM;IACX,qCAAqC;IACrC,MAAM,MAAM;CACb;AAmFD;;;;;;;GAOG;AACH,qBAAa,OAAO;IAClB;;;;;;OAMG;WACW,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC;IAmDrD;;;;;;OAMG;WACW,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,GAAG;IA6DvD;;;;;;;;;OASG;WACW,gBAAgB,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa;IAyBvD;;;;;;OAMG;WACW,cAAc,CAAC,GAAG,EAAE,aAAa,GAAG,MAAM;IAOxD;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}

package/dist/types/cose/cose-sign1.d.ts

@@ -0,0 +1,195 @@
+import type { Jwk } from '../jose/jwk.js';
+import { CoseAlgorithm } from './cose-key.js';
+/**
+ * COSE_Sign1 protected header parameters.
+ *
+ * The protected header is integrity-protected by inclusion in the Sig_structure.
+ * At minimum, it MUST contain the algorithm identifier.
+ *
+ * @see {@link https://www.rfc-editor.org/rfc/rfc9052#section-4 | RFC 9052, Section 4}
+ */
+export interface CoseSign1ProtectedHeader {
+    /** Algorithm identifier (label 1). Required. */
+    alg: CoseAlgorithm;
+    /** Content type (label 3). */
+    contentType?: string | number;
+    /** Key ID (label 4). */
+    kid?: Uint8Array;
+    /** Additional header parameters. */
+    [key: string]: unknown;
+}
+/**
+ * COSE_Sign1 unprotected header parameters.
+ *
+ * These parameters are NOT integrity-protected.
+ *
+ * @see {@link https://www.rfc-editor.org/rfc/rfc9052#section-4 | RFC 9052, Section 4}
+ */
+export interface CoseSign1UnprotectedHeader {
+    /** Key ID (label 4). */
+    kid?: Uint8Array;
+    /** Additional header parameters. */
+    [key: string]: unknown;
+}
+/**
+ * Parameters for creating a COSE_Sign1 structure.
+ */
+export interface CoseSign1CreateParams {
+    /** The signing key in JWK format. Must contain the private key (`d`). */
+    key: Jwk;
+    /** The payload to sign. */
+    payload: Uint8Array;
+    /**
+     * Protected header parameters. If omitted, the algorithm is inferred from the key
+     * and a minimal protected header `{ alg }` is used.
+     */
+    protectedHeader?: CoseSign1ProtectedHeader;
+    /** Unprotected header parameters. */
+    unprotectedHeader?: CoseSign1UnprotectedHeader;
+    /**
+     * External additional authenticated data (external_aad).
+     * Included in the Sig_structure but not in the COSE_Sign1 message itself.
+     * Defaults to empty bytes.
+     */
+    externalAad?: Uint8Array;
+    /**
+     * If true, the payload is detached (not included in the COSE_Sign1 serialization).
+     * The payload field in the CBOR array will be `null`.
+     */
+    detachedPayload?: boolean;
+}
+/**
+ * Parameters for verifying a COSE_Sign1 structure.
+ */
+export interface CoseSign1VerifyParams {
+    /** The COSE_Sign1 CBOR-encoded message to verify. */
+    coseSign1: Uint8Array;
+    /** The public key in JWK format for verification. */
+    key: Jwk;
+    /**
+     * External additional authenticated data (external_aad).
+     * Must match the value used during signing.
+     * Defaults to empty bytes.
+     */
+    externalAad?: Uint8Array;
+    /**
+     * Detached payload. Required if the COSE_Sign1 was created with `detachedPayload: true`.
+     */
+    payload?: Uint8Array;
+}
+/**
+ * Decoded COSE_Sign1 structure.
+ */
+export interface CoseSign1Decoded {
+    /** The protected header parameters (decoded from CBOR). */
+    protectedHeader: CoseSign1ProtectedHeader;
+    /** The raw protected header bytes (needed for signature verification). */
+    protectedHeaderBytes: Uint8Array;
+    /** The unprotected header parameters. */
+    unprotectedHeader: Map<number, unknown>;
+    /** The payload (null if detached). */
+    payload: Uint8Array | null;
+    /** The signature. */
+    signature: Uint8Array;
+}
+/**
+ * CBOR tag for COSE_Sign1 (RFC 9052, Section 4.2).
+ */
+/**
+ * COSE_Sign1 implementation per RFC 9052.
+ *
+ * Provides creation, verification, and decoding of COSE_Sign1 (single-signer)
+ * signed messages. This is the CBOR-based counterpart to JOSE/JWS and is used
+ * in TEE attestation (EAT tokens), CWT, and other COSE-based protocols.
+ *
+ * Supported algorithms:
+ * - EdDSA (Ed25519) — CoseAlgorithm.EdDSA (-8)
+ * - ES256 (P-256 / secp256r1 with SHA-256) — CoseAlgorithm.ES256 (-7)
+ *
+ * @see {@link https://www.rfc-editor.org/rfc/rfc9052#section-4.3 | RFC 9052, Section 4.3}
+ */
+export declare class CoseSign1 {
+    /**
+     * Creates a COSE_Sign1 message.
+     *
+     * Constructs the `Sig_structure1` to-be-signed bytes per RFC 9052 Section 4.4,
+     * signs them with the provided key, and returns the CBOR-encoded COSE_Sign1 array:
+     *
+     * ```
+     * COSE_Sign1 = [
+     *   protected : bstr,       ; CBOR-encoded protected header
+     *   unprotected : map,      ; unprotected header parameters
+     *   payload : bstr / nil,   ; payload (nil if detached)
+     *   signature : bstr        ; signature
+     * ]
+     * ```
+     *
+     * @param params - The parameters for creating the COSE_Sign1 message.
+     * @returns The CBOR-encoded COSE_Sign1 message.
+     * @throws {CryptoError} If the algorithm is not supported or signing fails.
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc9052#section-4.3 | RFC 9052, Section 4.3}
+     * @see {@link https://www.rfc-editor.org/rfc/rfc9052#section-4.4 | RFC 9052, Section 4.4}
+     */
+    static create(params: CoseSign1CreateParams): Promise<Uint8Array>;
+    /**
+     * Verifies a COSE_Sign1 message.
+     *
+     * Decodes the CBOR-encoded message, reconstructs the `Sig_structure1`, and verifies
+     * the signature using the provided public key.
+     *
+     * @param params - The parameters for verifying the COSE_Sign1 message.
+     * @returns `true` if the signature is valid, `false` otherwise.
+     * @throws {CryptoError} If the message is malformed or the algorithm is not supported.
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc9052#section-4.4 | RFC 9052, Section 4.4}
+     */
+    static verify(params: CoseSign1VerifyParams): Promise<boolean>;
+    /**
+     * Decodes a CBOR-encoded COSE_Sign1 message into its constituent parts.
+     *
+     * The COSE_Sign1 structure is a CBOR array of four elements:
+     * ```
+     * [protected, unprotected, payload, signature]
+     * ```
+     *
+     * The message may optionally be wrapped in CBOR tag 18.
+     *
+     * @param coseSign1 - The CBOR-encoded COSE_Sign1 message.
+     * @returns The decoded COSE_Sign1 components.
+     * @throws {CryptoError} If the message does not conform to COSE_Sign1 structure.
+     */
+    static decode(coseSign1: Uint8Array): CoseSign1Decoded;
+    /**
+     * Builds the Sig_structure1 array for COSE_Sign1 signing and verification.
+     *
+     * ```
+     * Sig_structure1 = [
+     *   context : "Signature1",
+     *   body_protected : bstr,
+     *   external_aad : bstr,
+     *   payload : bstr
+     * ]
+     * ```
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc9052#section-4.4 | RFC 9052, Section 4.4}
+     */
+    private static buildSigStructure1;
+    /**
+     * Converts a {@link CoseSign1ProtectedHeader} to a CBOR Map with integer labels.
+     */
+    private static buildProtectedHeaderMap;
+    /**
+     * Converts a {@link CoseSign1UnprotectedHeader} to a CBOR Map with integer labels.
+     */
+    private static buildUnprotectedHeaderMap;
+    /**
+     * Signs the to-be-signed bytes with the appropriate algorithm.
+     */
+    private static signBytes;
+    /**
+     * Verifies a signature over the to-be-signed bytes with the appropriate algorithm.
+     */
+    private static verifyBytes;
+}
+//# sourceMappingURL=cose-sign1.d.ts.map

package/dist/types/cose/cose-sign1.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cose-sign1.d.ts","sourceRoot":"","sources":["../../../src/cose/cose-sign1.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAK1C,OAAO,EAAE,aAAa,EAAW,MAAM,eAAe,CAAC;AAGvD;;;;;;;GAOG;AACH,MAAM,WAAW,wBAAwB;IACvC,gDAAgD;IAChD,GAAG,EAAE,aAAa,CAAC;IAEnB,8BAA8B;IAC9B,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAE9B,wBAAwB;IACxB,GAAG,CAAC,EAAE,UAAU,CAAC;IAEjB,oCAAoC;IACpC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,0BAA0B;IACzC,wBAAwB;IACxB,GAAG,CAAC,EAAE,UAAU,CAAC;IAEjB,oCAAoC;IACpC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,yEAAyE;IACzE,GAAG,EAAE,GAAG,CAAC;IAET,2BAA2B;IAC3B,OAAO,EAAE,UAAU,CAAC;IAEpB;;;OAGG;IACH,eAAe,CAAC,EAAE,wBAAwB,CAAC;IAE3C,qCAAqC;IACrC,iBAAiB,CAAC,EAAE,0BAA0B,CAAC;IAE/C;;;;OAIG;IACH,WAAW,CAAC,EAAE,UAAU,CAAC;IAEzB;;;OAGG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,qDAAqD;IACrD,SAAS,EAAE,UAAU,CAAC;IAEtB,qDAAqD;IACrD,GAAG,EAAE,GAAG,CAAC;IAET;;;;OAIG;IACH,WAAW,CAAC,EAAE,UAAU,CAAC;IAEzB;;OAEG;IACH,OAAO,CAAC,EAAE,UAAU,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,2DAA2D;IAC3D,eAAe,EAAE,wBAAwB,CAAC;IAE1C,0EAA0E;IAC1E,oBAAoB,EAAE,UAAU,CAAC;IAEjC,yCAAyC;IACzC,iBAAiB,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAExC,sCAAsC;IACtC,OAAO,EAAE,UAAU,GAAG,IAAI,CAAC;IAE3B,qBAAqB;IACrB,SAAS,EAAE,UAAU,CAAC;CACvB;AAgBD;;GAEG;AAGH;;;;;;;;;;;;GAYG;AACH,qBAAa,SAAS;IACpB;;;;;;;;;;;;;;;;;;;;;OAqBG;WACiB,MAAM,CAAC,MAAM,EAAE,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC;IAwC9E;;;;;;;;;;;OAWG;WACiB,MAAM,CAAC,MAAM,EAAE,qBAAqB,GAAG,OAAO,CAAC,OAAO,CAAC;IAgC3E;;;;;;;;;;;;;OAaG;WACW,MAAM,CAAC,SAAS,EAAE,UAAU,GAAG,gBAAgB;IA6F7D;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,MAAM,CAAC,kBAAkB;IAajC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,uBAAuB;IAgBtC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,yBAAyB;IAUxC;;OAEG;mBACkB,SAAS;IAoB9B;;OAEG;mBACkB,WAAW;CAoBjC"}