While trying to fix #133, I noticed some other things that could be improved on the public key handling. For now only a draft, it will change a bunch still I think. The main reasons for doing this:
We want to have a smart constructor for public keys, one that verifies that the public key is actually a valid one. This would do the check from #133, but it would also do checks for EdDSA and RSA keys. With this, the user can't ever create an invalid public key.
Avoid duplication of fields: Previously CosePublicKey was an inlined combination of CoseSignAlg and PublicKey, therefore it duplicated all the fields, which is kind of bad
Make verify only return an error when the error is caused by the signature or the message. Previously it would also return an error if the public key doesn't match the passed signature algorithm. This error therefore needs to be handled earlier.
While trying to fix #133, I noticed some other things that could be improved on the public key handling. For now only a draft, it will change a bunch still I think. The main reasons for doing this:
CosePublicKey
was an inlined combination ofCoseSignAlg
andPublicKey
, therefore it duplicated all the fields, which is kind of badverify
only return an error when the error is caused by the signature or the message. Previously it would also return an error if the public key doesn't match the passed signature algorithm. This error therefore needs to be handled earlier.