jwtjoseed25519

alg value for Ed25519?

The RFC7518 has a list of algorithms values used in JWT. However there is no value for EdDSA, such as Ed25519. Also Ed25519 is not accepted as a valid value when verifying in Jose. What is the correct alg value for Ed25519?

Solution

  • ED25519 is an EdDSA (Edwards-curve DSA) signature scheme. See also RFC8037 and RFC8032.

    According to the jose documentation alg needs to be set to EdDSA:

    JWS Algorithm: Edwards-curve DSA
    alg: EdDSA

    EdDSAis also listed in the section JSON Web Signature and Encryption Algorithms of the IANA Registry (thanks @Florent Morselli for the hint)

    Here I show an example how to generate an ed25519 keypair and a signed token using Node.js Crypto and jose, then verify the token with the public key in Python:

    Generate key pair and token:

    const { SignJWT } = require('jose/jwt/sign')
const { generateKeyPairSync } = require('node:crypto')

const { publicKey, privateKey } = generateKeyPairSync('ed25519');
console.log(publicKey.export({format:'pem',type:'spki'}))
console.log(privateKey.export({format:'pem',type:'pkcs8'}))

const jwt = await new SignJWT({ 'id': 1 })
    .setProtectedHeader({ alg: 'EdDSA' })
    .setExpirationTime('2h')
    .sign(privateKey)

console.log(jwt)

    -----BEGIN PUBLIC KEY-----
    MCowBQYDK2VwAyEA7fySb/9h7hVH8j1paD5IoLfXj4prjfNLwOPUYKvsTOc=
    -----END PUBLIC KEY-----

    -----BEGIN PRIVATE KEY-----
    MC4CAQAwBQYDK2VwBCIEIIJtJBnTuKbIy5YjoNiH95ky3DcA3kRB0I2i7DkVM6Cf
    -----END PRIVATE KEY-----

    eyJhbGciOiJFZERTQSJ9.eyJpZCI6MX0.RAxBAQPFOxrCfgqb56eaAz9u2lByj-WEO- JWgJH3Cyx1o1Hwjn1pA2M4NgJeob9vb2Oaw4FOeYFr6_33XMTnAQ

    The decoded token header:

    
{
  "alg": "EdDSA"
}

    Verify the token in Python with PyJWT:

    import jwt

public_key = """-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEA7fySb/9h7hVH8j1paD5IoLfXj4prjfNLwOPUYKvsTOc=
-----END PUBLIC KEY-----"""

token = 'eyJhbGciOiJFZERTQSJ9.eyJpZCI6MX0.RAxBAQPFOxrCfgqb56eaAz9u2lByj-WEO-JWgJH3Cyx1o1Hwjn1pA2M4NgJeob9vb2Oaw4FOeYFr6_33XMTnAQ'

decoded = jwt.decode(token, public_key, algorithms='EdDSA', verify=True)
print(decoded)

    Note: jwt.io currently doesn't support the EdDSA/ED25519 algorithm, so you can't verify the token on that site. I also don't know about any other JWT website that can verify EdDSA signed tokens.