# KeyToCose()

Converts a cryptographic key to COSE (CBOR Object Signing and Encryption) format — the key representation used by WebAuthn/passkeys and other CBOR-based protocols. Useful for generating test authenticator responses or interoperating with systems that expect COSE keys.

Accepts a key pair struct, PEM string, or Java key object. Supports EC (P-256, P-384, P-521) and Ed25519 keys.

**Requires Extension:** [Crypto Extension](https://download.lucee.org/#17AB52DE-B300-A94B-E058FC978BE4542D)

```
KeyToCose( key=any );
```

**Returns:** struct

# Arguments

| Argument | Type | Required | Description | Default |
|----------|------|----------|-------------|---------|
| key | any | Yes | Key to convert: PublicKey, PrivateKey, PEM string, or key pair struct from GenerateKeyPair() |  |

# Usage Notes

**Input types:** Accepts a key pair struct (from [GenerateKeyPair()](generatekeypair.md)), a PEM string, or a Java key object. If you pass a key pair with both public and private keys, the COSE output includes the private key material in key `-4`.

**Struct keys:** The returned struct uses string keys like `"1"`, `"-1"`, `"-2"` because CFML struct keys are always strings. [CborEncode()](cborencode.md) converts these back to CBOR integer keys when encoding to wire format.

**Supported key types:** EC (P-256, P-384, P-521) and Ed25519. RSA keys are not supported in COSE format.

**Primary use case:** Generating test authenticator data for WebAuthn integration tests, or interoperating with systems that use COSE keys (CWT tokens, COSE_Sign1 messages).

# Examples

```cfml
// Convert an EC key pair to COSE (includes private key material)
keyPair = GenerateKeyPair( "P-256" );
cose = KeyToCose( keyPair );
// cose["1"] == 2 (kty: EC), cose["3"] == -7 (alg: ES256)
// cose["-1"] == 1 (crv: P-256), cose["-2"] and cose["-3"] are binary coords
// cose["-4"] is the private key (binary)

// Convert just the public key (no private material)
cose = KeyToCose( keyPair.public );
// Same as above but without cose["-4"]

// Ed25519 keys
edKp = GenerateKeyPair( "Ed25519" );
cose = KeyToCose( edKp );
// cose["1"] == 1 (kty: OKP), cose["3"] == -8 (alg: EdDSA)
// cose["-1"] == 6 (crv: Ed25519), cose["-2"] is the x coordinate

// Encode the COSE struct to CBOR binary (for sending over the wire)
cborBytes = CborEncode( cose );

// Useful for testing: generate a fake authenticator response
cose = KeyToCose( keyPair );
coseBytes = CborEncode( cose );
// Use coseBytes as the credential public key in test authenticator data

// Roundtrip: KeyToCose then CoseToKey gets you back a working key
keys = CoseToKey( cose );
sig = GenerateSignature( "test", keyPair.private );
isValid = VerifySignature( "test", sig, keys.public ); // true
```







# Categories

[Cryptography](../../categories/crypto.md)

# See Also

[CborEncode()](cborencode.md), [CoseToKey()](cosetokey.md), [GenerateKeyPair()](generatekeypair.md), [KeyToJwk()](keytojwk.md)