The signature will contain a DID issuer header that points back to the DID document hosted at .well-known/did.json
Payload as a file:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/signature/create' -X POST \
  --form payloadfile='@./my/payload/file.txt' \
  -o signature.cose
Payload as a hex value:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/signature/create' -X POST \
  --form payloadhex='d2845828a301260446666f6f...17219018758186469643a77' \
  -o signature.cose
Payload as plain text:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/signature/create' -X POST \
  --form payload='{"foo":"bar"}' \
  --form headerkey='3' \
  --form headerval='application/json' \
  -o signature.cose
Adding multiple headers:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/signature/create' -X POST \
  --form payloadfile='@./my/payload/file' \
  --form headerkey='3' \
  --form headerval='some/type' \
  --form headerkey='15.1' \
  --form headerval='did:x509:0:sha256:WE4P5dd8DnLHSkyHaIjhp4udlkF9LqoKwCvu9gl38jk::subject:C:US:ST:California:O:My%20Organisation' \
  --form headerkey='33[0]' \
  --form headerval='base64Cert' \
  --form headerkey='33[1]' \
  --form headerval='anotherBase64Cert' \
  -o signature.cose
Verification downloads the did:web keys of the issuer named in the signature and validates the signature against them.
Using a file:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/signature/verify' -X POST \
  --form signaturefile='@./my/signature/file.cose'
Using a hex value:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/signature/verify' -X POST \
  --form signaturehex='d2845828a301260446666f6f...17219018758186469643a77'
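How a did:web issuer maps to the DID document URL that a verifier fetches, following the did:web method's resolution rules, as an added example that is not part of this service's code. The function names, the allow-list and the sample DIDs are assumptions made for illustration; the allow-list reflects that a signature validating against its issuer's own keys only proves something if that issuer is one you trust.

```python
import re
from urllib.parse import unquote

# Host must look like a DNS name with an optional port; this rejects
# userinfo ("@"), slashes and other characters before any fetch happens.
_HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?(:\d{1,5})?$")
_SEGMENT_RE = re.compile(r"^[A-Za-z0-9._~-]+$")


def did_web_to_url(did: str) -> str:
    """Map a did:web identifier to the HTTPS URL of its DID document."""
    parts = did.split(":")
    if len(parts) < 3 or parts[0] != "did" or parts[1] != "web":
        raise ValueError("not a did:web identifier")
    # The domain segment may carry a percent-encoded port (%3A).
    host = unquote(parts[2])
    if not _HOST_RE.match(host):
        raise ValueError("invalid host in did:web identifier")
    segments = [unquote(p) for p in parts[3:]]
    for seg in segments:
        # Empty, dot-only or slash-bearing segments would allow path traversal.
        if not _SEGMENT_RE.match(seg) or set(seg) == {"."}:
            raise ValueError("invalid path segment in did:web identifier")
    if segments:
        return f"https://{host}/{'/'.join(segments)}/did.json"
    # A bare domain resolves to the well-known location.
    return f"https://{host}/.well-known/did.json"


def trusted_did_document_url(did: str, allowed_hosts: set) -> str:
    """Resolve the DID only if its host is on the verifier's allow-list."""
    url = did_web_to_url(did)
    host = url.split("/")[2].split(":")[0].lower()
    if host not in allowed_hosts:
        raise PermissionError(f"issuer host {host!r} is not trusted")
    return url


if __name__ == "__main__":
    # Constructed sample: assumes the playground's issuer is a bare-domain did:web.
    allowed = {"playground-cose-eastus-api.azurewebsites.net"}
    did = "did:web:playground-cose-eastus-api.azurewebsites.net"
    print(trusted_did_document_url(did, allowed))
```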
This implementation produces a full countersignature (COSE_Countersignature). It contains a signature over the details of the submitted COSE_Sign1 parts (CounterSignatureV2). Please refer to RFC 9338 for more details on countersignatures.
Using a file:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/receipt/create' -X POST \
  --form signaturefile='@./my/signature/file.cose' \
  --form receipttype='embedded'
Using a hex value:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/receipt/create' -X POST \
  --form signaturehex='d2845828a301260446666f6f...17219018758186469643a77' \
  --form receipttype='embedded'
Verification requires both the receipt and the original signature. The receipt may be embedded in the original signature or supplied as a separate file.
Using a file:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/receipt/verify' -X POST \
  --form signaturefile='@./my/signature/file.cose' \
  --form receiptfile='@./my/signature/receipt.cbor'
Using a hex value:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/receipt/verify' -X POST \
  --form signaturehex='d2845828a301260446666f6f...17219018758186469643a77' \
  --form receipthex='d2845828a301260446666f6f...17219018758186469643a77'
To preview signature use the following websites