Code sample that demonstrates the issue.
encoded_key='pQECAyYgASFYHynGYDi87vkqpFOep_onzrmNjPdVBthCuIua9pvBCssiWCBZnNAreTzLOVZrLcTrh6eh-v5GrdemuIS-bVvXrk7Wdw=='
sample_key=COSE::Key.deserialize(Base64.urlsafe_decode64(encoded_key))
sample_key.to_pkey
# This fails with:
# OpenSSL::PKey::EC::Point::Error: EC_POINT_bn2point: invalid encoding
# from .../.rbenv/versions/3.3.0/lib/ruby/gems/3.3.0/gems/cose-1.3.0/lib/cose/key/ec2.rb:72:in `initialize'
puts "x.length = #{sample_key.x.length} / y.length = #{sample_key.y.length}"
# This prints:
# x.length = 31 / y.length = 32
Apparently some platforms omit leading zeros when encoding coordinates from EC keys. The example key above was generated in an iOS device by Apple's AppAttest.
Ruby-JWT gem also had to handle this issue to avoid the error.
jwt/ruby-jwt#585
I believe the fix could be relatively straightforward. Basically we need to patch this line to ensure x/y have the right length and if not add leading zeros.
https://github.com/cedarcode/cose-ruby/blob/fcde72f1351d3ba964500d91a19ab0e2d84a5878/lib/cose/key/ec2.rb#L71C27-L71C61
Code sample that demonstrates the issue.
Apparently some platforms omit leading zeros when encoding coordinates from EC keys. The example key above was generated in an iOS device by Apple's AppAttest.
Ruby-JWT gem also had to handle this issue to avoid the error.
jwt/ruby-jwt#585
I believe the fix could be relatively straightforward. Basically we need to patch this line to ensure x/y have the right length and if not add leading zeros.
https://github.com/cedarcode/cose-ruby/blob/fcde72f1351d3ba964500d91a19ab0e2d84a5878/lib/cose/key/ec2.rb#L71C27-L71C61