Summary
wolfCOSE's COSE_Key serialization currently supports RSA public keys only.
A generated RSA-PSS key therefore cannot be re-loaded for signing after a
COSE_Key encode/decode round-trip, so keygen -> sign -> verify is not yet
available for PS256/384/512 (ECDSA, EdDSA, and ML-DSA round-trip fully).
Scope
Extend the RSA COSE_Key encode/decode to carry the full private key per
RFC 8230 so a round-tripped RSA key can sign. This is a self-contained
enhancement and should land in its own reviewed PR.
Status
Tracked as a known limitation. In PR #33 the RSA decode keeps the documented
public-key-only behavior (with a TODO referencing this issue), and the
command-line tool test smoke-tests RSA keygen while skipping the RSA
sign/verify round-trip until this is implemented.
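
Added example (not wolfCOSE code and not part of the original issue): a minimal check of which RFC 8230 RSA parameters an encoded COSE_Key carries, showing why a public-only key (n, e) cannot sign after a round-trip while a full two-prime private key can. The function names, the toy key bytes, and the restriction to integer labels with integer or byte-string values are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* RFC 8230: kty (label 1) = 3 for RSA; n=-1, e=-2, d=-3, p=-4, q=-5, dP=-6,
 * dQ=-7, qInv=-8. CBOR encodes label -(k+1) as argument k; mask bit k = seen. */
enum { RSA_KEY_INVALID = 0, RSA_KEY_PUBLIC = 1, RSA_KEY_PRIVATE = 2 };

/* Read one CBOR head (major type, argument up to 16 bits). Returns 0 if ok. */
static int cbor_head(const uint8_t *b, size_t len, size_t *pos,
                     unsigned *major, uint32_t *arg)
{
    if (*pos >= len) return -1;
    uint8_t ib = b[(*pos)++], ai = ib & 0x1f;
    size_t extra = (ai < 24) ? 0 : (ai == 24) ? 1 : (ai == 25) ? 2 : 3;
    if (extra == 3 || len - *pos < extra) return -1;
    *major = ib >> 5;
    *arg = ai;
    if (extra) { *arg = 0; while (extra--) *arg = (*arg << 8) | b[(*pos)++]; }
    return 0;
}

/* Hypothetical helper (not a wolfCOSE function): classify an RSA COSE_Key. */
int rsa_cose_key_class(const uint8_t *b, size_t len)
{
    size_t pos = 0; unsigned mt, vt; uint32_t n, k, v, mask = 0; int is_rsa = 0;
    if (cbor_head(b, len, &pos, &mt, &n) || mt != 5) return RSA_KEY_INVALID;
    while (n--) {
        if (cbor_head(b, len, &pos, &mt, &k) || mt > 1) return RSA_KEY_INVALID;
        if (cbor_head(b, len, &pos, &vt, &v) || vt > 2) return RSA_KEY_INVALID;
        if (vt == 2) {                       /* byte string: skip its payload */
            if (len - pos < v) return RSA_KEY_INVALID;
            pos += v;
        }
        if (mt == 0 && k == 1) is_rsa = (vt == 0 && v == 3);
        if (mt == 1 && k < 8 && vt == 2) mask |= 1u << k;
    }
    if (!is_rsa || pos != len) return RSA_KEY_INVALID;
    if (mask == 0x03) return RSA_KEY_PUBLIC;   /* n, e only: can verify */
    if (mask == 0xff) return RSA_KEY_PRIVATE;  /* all eight: can sign */
    return RSA_KEY_INVALID;                    /* partial private key */
}

/* Constructed toy keys with 1-byte parameters (n=33, e=3, d=7, p=3, q=11). */
const uint8_t PUB_KEY[] = { 0xa3, 0x01,0x03, 0x20,0x41,0x21, 0x21,0x41,0x03 };
const uint8_t PRIV_KEY[] = { 0xa9, 0x01,0x03, 0x20,0x41,0x21, 0x21,0x41,0x03,
    0x22,0x41,0x07, 0x23,0x41,0x03, 0x24,0x41,0x0b, 0x25,0x41,0x01,
    0x26,0x41,0x07, 0x27,0x41,0x02 };
const uint8_t PARTIAL_KEY[] = { 0xa4, 0x01,0x03, 0x20,0x41,0x21, 0x21,0x41,0x03,
    0x22,0x41,0x07 };
int main(void) { return rsa_cose_key_class(PRIV_KEY, sizeof PRIV_KEY) != RSA_KEY_PRIVATE; }
```

A key that carries d without the CRT parameters is rejected here rather than treated as signable, matching the RFC 8230 requirement that two-prime private keys carry all eight parameters.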