RFC 8812 · PROPOSED STANDARD · 2020 MON · 15 JUN 2026

CBOR Object Signing and Encryption and JSON Object Signing and Encryption Registrations for Web Authentication Algorithms

By M. Jones · Published August 2020 · DOI 10.17487/RFC8812

Overview

RFC 8812, “CBOR Object Signing and Encryption and JSON Object Signing and Encryption Registrations for Web Authentication Algorithms”, is a Proposed Standard document published in August 2020 by M. Jones. The canonical text is published by the RFC Editor.

Abstract

The W3C Web Authentication (WebAuthn) specification and the FIDO Alliance FIDO2 Client to Authenticator Protocol (CTAP) specification use CBOR Object Signing and Encryption (COSE) algorithm identifiers. This specification registers the following algorithms (which are used by WebAuthn and CTAP implementations) in the IANA "COSE Algorithms" registry: RSASSA-PKCS1-v1_5 using SHA-256, SHA-384, SHA-512, and SHA-1; and Elliptic Curve Digital Signature Algorithm (ECDSA) using the secp256k1 curve and SHA-256. It registers the secp256k1 elliptic curve in the IANA "COSE Elliptic Curves" registry. Also, for use with JSON Object Signing and Encryption (JOSE), it registers the algorithm ECDSA using the secp256k1 curve and SHA-256 in the IANA "JSON Web Signature and Encryption Algorithms" registry and the secp256k1 elliptic curve in the IANA "JSON Web Key Elliptic Curve" registry.

Abstract as published in the RFC, via rfc-editor.org.

What “Proposed Standard” means

An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.

Read this RFC

The canonical text of RFC 8812 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.

Read on rfc-editor.org Plain text › HTML › IETF Datatracker › DOI link ›

Other RFCs from 2020

Abstract

What “Proposed Standard” means

Who Is Online