ONLY COSE receipts in snapshots#7711
Merged
maxtropets merged 6 commits intomicrosoft:mainfrom Mar 11, 2026
Merged
Conversation
maxtropets
force-pushed
the
f/snapshot-cose-receipts
branch
3 times, most recently
from
55ebee0 to
2961443
Compare
maxtropets
force-pushed
the
f/snapshot-cose-receipts
branch
from
2961443 to
e6657ce
Compare
maxtropets
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
Updates snapshot receipt handling to use COSE receipts (while retaining support for parsing legacy JSON receipts), enabling COSE-only ledgers and future PQC-friendly receipts.
Changes:
- Switch snapshot generation to record/store COSE signatures rather than classic (node-cert-based) signatures.
- Extend snapshot receipt deserialisation/verification to detect and handle COSE vs JSON receipt formats.
- Update Python snapshot parsing to verify COSE receipts and update recovery test expectations.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/recovery.py | Updates expected error string when snapshot signer doesn’t match the provided previous service identity. |
| src/node/test/snapshotter.cpp | Adjusts snapshotter test helper to record a dummy COSE signature instead of classic signature fields. |
| src/node/snapshotter.h | Removes classic signature fields from pending snapshot info and records COSE signatures for snapshot receipts. |
| src/node/snapshot_serdes.h | Adds COSE receipt parsing/verification path and switches snapshot receipt serialisation to COSE. |
| src/node/node_state.h | Hooks snapshotter signature recording to the COSE signatures table rather than classic signatures. |
| python/src/ccf/ledger.py | Adds snapshot receipt verification dispatch (COSE vs JSON) and COSE snapshot receipt verification using service identity from the snapshot. |
eddyashton
approved these changes
Mar 11, 2026
This was referenced Mar 12, 2026
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Towards #7401.
Snapshots now carry COSE-signed receipts, which will be supported both by old ledgers signing both ways (classic + COSE), and new (COSE-only).
This will also enable PQC via COSE signature in the future, as the receipt format will remain COSE.
This needs #7712 to be merged for backwards compatibility with 6.x.