We are excited to announce the first stable release of wolfCOSE 1.0.0, a complete, zero-allocation C implementation of CBOR (RFC 8949) and COSE (RFC 9052/9053) built on top of wolfCrypt. wolfCOSE brings standards-based signing, encryption, and authentication of CBOR data to even the smallest embedded targets, with a tiny footprint, no dynamic memory, and a clear path to FIPS 140-3.
What is COSE?
COSE (CBOR Object Signing and Encryption) is the compact, binary counterpart to JOSE/JWT. Where JOSE secures JSON, COSE secures CBOR, the concise binary data format used across IoT, firmware update (SUIT), attestation (EAT), W3C WebAuthn, and digital credentials. COSE is the cryptographic message format of choice when every byte and every allocation counts, which makes it a natural fit for the constrained devices wolfSSL has always targeted.
A complete COSE implementation
wolfCOSE 1.0.0 implements all six COSE message types from RFC 9052, in both single-actor and multi-actor forms:
- COSE_Sign1 / COSE_Sign: single-signer and multi-signer signatures
- COSE_Encrypt0 / COSE_Encrypt: single-recipient and multi-recipient encryption
- COSE_Mac0 / COSE_Mac: single-key and multi-recipient authentication
It ships with its own dependency-free CBOR engine (RFC 8949) that enforces deterministic/preferred encoding and rejects non-preferred or trailing input on decode, plus full COSE_Key / COSE_KeySet serialization, including complete RFC 8230 RSA private keys.
40 algorithms, including post-quantum
wolfCOSE 1.0.0 supports 40 algorithms across signing, encryption, MAC, and key distribution (RFC 9053):
- Signing: ES256/384/512, EdDSA (Ed25519/Ed448), PS256/384/512
- Encryption: AES-GCM (128/192/256), AES-CCM variants, ChaCha20-Poly1305
- MAC: HMAC-SHA256/384/512, AES-MAC
- Key distribution: Direct, AES Key Wrap, ECDH-ES + HKDF
- Post-quantum: ML-DSA-44/65/87
Of particular note is standardized post-quantum signing: wolfCOSE implements ML-DSA (FIPS 204) at all three security levels, conformant to RFC 9964 (“ML-DSA for JOSE and COSE”), using the RFC 9964 AKP key type. This lets you sign and verify CBOR objects with quantum-resistant signatures today, using the canonical, standards-track encoding.
Built for embedded: zero allocation, tiny footprint
wolfCOSE was designed from the start for deeply embedded use:
- Zero dynamic allocation. Every operation uses caller-provided buffers, with no heap and no hidden .data or .bss. Memory use is deterministic, which matters for safety-critical and FIPS deployments.
- Tiny footprint. An ES256 COSE_Sign1 build is roughly 5.1 KB verify-only and 6.8 KB sign + verify for the wolfCOSE COSE + CBOR engine.
- Lean configuration layer. WOLFCOSE_LEAN, WOLFCOSE_HAVE_* feature gates, verify-only profiles, and a bounded-stack WOLFCOSE_MIN_BUFFERS mode let you compile in only what you need. Verify-only ECC images link cleanly against sign-disabled wolfCrypt.
Quality and standards
- Path to FIPS 140-3 through wolfCrypt FIPS Certificate #4718. wolfCrypt is wolfCOSE’s sole cryptographic dependency.
- MISRA C:2012 and C:2023 checked.
- Extensively tested: ~240 algorithm-combination round-trips, static analysis (cppcheck, Clang analyzer, GCC -fanalyzer, Coverity), CodeQL and Semgrep security scanning, ASan/UBSan sanitizers, and a wolfCOSE ? t_cose wire-interop conformance suite.
- Standards implemented: RFC 8949 (CBOR), RFC 9052/9053 (COSE), RFC 8230 (RSA keys for COSE), and RFC 9964 (ML-DSA for JOSE and COSE).
Getting wolfCOSE
wolfCOSE requires wolfSSL 5.8.0 or later as its crypto backend (post-quantum ML-DSA requires wolfSSL 5.9.2 or later). It is a Makefile-only project whose only dependency is wolfCrypt. Run make, make test, and you are running.
-
Source: https://github.com/wolfSSL/wolfCOSE
Release: https://github.com/wolfSSL/wolfCOSE/releases/tag/v1.0.0
Documentation: see the project README and wiki
wolfCOSE is dual-licensed under GPLv3 and a commercial license. If you are building a product and need commercial licensing, FIPS, or support, please reach out.
Have questions, or want to tell us about your COSE use case? Contact us any time at facts@wolfssl.com or support@wolfssl.com, or call +1 425 245 8247. We would love to hear what you are building.
Download wolfSSL Now

