corim verify requires private key

[DhanusML]

Verifying a signed CoRIM using the public key gives:

> cocli corim verify -f signed-corim.cbor pub_key.jwk
Error: error loading verifying key from ./pub_key.jwk: argument to AssignIfCompatible() must be compatible with *ecdsa.PublicKey (was *crypto.Signer)

When private key is given as input, verification passes.

This happens because the verify function calls corim.NewPublicKeyFromJWK, which tries to initialize crypto.Signer using just a public key: corim/signer.go:132. This results in an error.

To fix this, either corim.NewPublicKeyFromJWK should be fixed or deserialization logic for JWK should be implemented in cocli.

[deeglaze]

See if this works for you veraison/corim#188

…

On Fri, Jun 13, 2025 at 7:07 AM Dhanus M Lal ***@***.***> wrote: *DhanusML* created an issue (veraison/cocli#35) <#35> Verifying a signed CoRIM using the public key gives: > cocli corim verify -f signed-corim.cbor pub_key.jwk Error: error loading verifying key from ./pub_key.jwk: argument to AssignIfCompatible() must be compatible with *ecdsa.PublicKey (was *crypto.Signer) When private key is given as input, verification passes. This happens because the verify function calls corim.NewPublicKeyFromJWK, which tries to initialize crypto.Signer using just a public key: corim/signer.go:132 <https://github.com/veraison/corim/blob/59105a88ad855e2354580e62992946fa1ab639c5/corim/signer.go#L132>. This results in an error. To fix this, either corim.NewPublicKeyFromJWK should be fixed or deserialization logic for JWK should be implemented in cocli. — Reply to this email directly, view it on GitHub <#35>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAFL4HEO6EN3524H6V6FHO33DLLL5AVCNFSM6AAAAAB7IHRB4GVHI2DSMVQWIX3LMV43ASLTON2WKOZTGE2DGNZRGA2DGMI> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

-- -Dionna Glaze, PhD, CISSP, CCSP (she/her)

[DhanusML]

See if this works for you veraison/corim#188
…

This works.