Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Cose Lib
Assessments

Cose Lib Laravel Package

web-auth/cose-lib

PHP 8.1+ COSE (RFC 9052/9053) library supporting Sign1/Sign, Encrypt0/Encrypt, Mac0/Mac with full tag support. Implements ECDSA, EdDSA, RSA and HMAC algorithms for signing, encryption and MAC; compatible with WebAuthn/FIDO2.

View on GitHub
Deep Wiki
Context7

Product Decisions This Supports

  • Standardization of cryptographic signatures/encryption: Adopting COSE (CBOR Object Signing and Encryption) aligns with modern web standards (e.g., WebAuthn, FIDO2, EU Digital COVID Certificates) and reduces reliance on legacy formats like JWS/JWE.
  • Roadmap for IoT/embedded security: Enables lightweight, compact cryptographic operations for constrained devices (e.g., CBOR’s binary efficiency over JSON).
  • Build vs. buy: Avoids reinventing COSE support from scratch, leveraging a maintained library with RFC compliance (RFC 9052/9053) and WebAuthn/FIDO2 compatibility.
  • Use cases:
    • Digital health: Validate EU Digital COVID Certificates or similar health passes.
    • Authentication: Secure WebAuthn/FIDO2 attestation/assertion flows (e.g., passwordless logins).
    • Document integrity: Compact signatures for legal/financial documents (replacing PDF signatures).
    • IoT security: Encrypted messaging between devices with limited resources.

When to Consider This Package

  • Adopt if:

    • Your system requires COSE compliance (e.g., EU Digital COVID Certificates, WebAuthn, or IoT protocols).
    • You need compact binary signatures/encryption (CBOR is ~30% smaller than JSON Web Signatures).
    • Your stack uses PHP 8.1+ and supports OpenSSL/JSON extensions.
    • You prioritize RFC-standardized cryptography over proprietary formats.

  • Look elsewhere if:

    • You’re locked into JWS/JWE (JSON Web Signatures/Encryption) and lack urgency to migrate.
    • Your team lacks CBOR expertise (requires spomky-labs/cbor-php dependency).
    • You need active community support (18 stars, 0 dependents may indicate niche adoption).
    • Your use case is non-cryptographic (e.g., simple API keys where COSE overhead is unjustified).

How to Pitch It (Stakeholders)

For Executives: "This library enables us to adopt COSE, a modern cryptographic standard for compact, secure signatures/encryption—critical for EU Digital COVID Certificates, WebAuthn logins, and IoT security. By using this PHP package, we avoid building COSE support from scratch, reducing development risk while future-proofing our authentication infrastructure. The MIT license and RFC compliance ensure long-term viability."

For Engineering: "The web-auth/cose-lib provides a battle-tested PHP implementation of COSE (RFC 9052/9053) with support for ECDSA, EdDSA, RSA, and HMAC algorithms. It integrates with spomky-labs/cbor-php for binary efficiency and offers type-safe APIs for signing/verifying COSE_Sign1, COSE_Encrypt0, and MAC operations. Ideal for replacing JWS/JWE in constrained environments or adding WebAuthn/FIDO2 support. Requires PHP 8.1+ and OpenSSL."

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
cuci/prototurk-sdk
gos/pubsub-router-bundle
cuci/prototurk-sdk-symfony
clementtalleu/easyadmin-markdown-bundle
codeflextech/permission-manager
karnoweb/livewire-datepicker
sayedenam/sayed-dashboard
milito/query-filter
apiboxsym/user-bundle
apiboxsym/health-check-bundle
jayeshmepani/jpl-moshier-ephemeris-php
elnasnato/laraliveui
labrodev/rest-sdk
sampaui/sampaui
babelqueue/php-sdk
facebook/capi-param-builder-php
babelqueue/symfony
hamzi/corewatch
minionfactory/raw-hydrator
hexters/coinpayment