Signature will contain a DID issuer header which will point back to the did document hosted here .well-known/did.json
There will also be a payload wrapped inside along with a header indicating the content type of the payload (text/plain).
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/signature/create' -X POST \ --form payload='{"foo":"bar"}' \ --form contenttype='application/json' \ -o signature.cose
Verification will download did:web keys from the given signature issuer and will validate the signature against it.
Using a file:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/signature/verify' -X POST \ --form signaturefile='@./my/signature/file.cose'
Using a hex value:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/signature/verify' -X POST \ --form signaturehex='d2845828a301260446666f6f...17219018758186469643a77'
This implementation produces a full countersignature - COSE_Countersignature aka receipt. It contains a signature over the details of the submitted COSE_Sign1 parts (CounterSignatureV2). Please refer to RFC9338 for more details on countersignatures.
Using a file:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/receipt/create' -X POST \ --form signaturefile='@./my/signature/file.cose' --form receipttype='embedded'
Using a hex value:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/receipt/create' -X POST \ --form signaturehex='d2845828a301260446666f6f...17219018758186469643a77' --form receipttype='embedded'
For the verification it is necessary to have both the receipt and the original signature. The receipt might be embedded into the original signature or be a separate file.
Using a file:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/receipt/verify' -X POST \ --form signaturefile='@./my/signature/file.cose' --form receiptfile='@./my/signature/receipt.cbor'
Using a hex value:
curl -L 'https://playground-cose-eastus-api.azurewebsites.net/receipt/verify' -X POST \ --form signaturehex='d2845828a301260446666f6f...17219018758186469643a77' --form receipthex='d2845828a301260446666f6f...17219018758186469643a77'
To preview signature use the following websites