RFC 8037#
RFC8037 defines the use of Edwards-Curve Digital Signature Algorithm (EdDSA) for JSON Web Signature (JWS) and JSON Web Key (JWK).
It introduces support for:
The
OKP(Octet Key Pair) JWK key typeEdDSAsignature algorithm
Definition#
RFC 8037 extends JOSE by defining how EdDSA-based keys and signatures are represented and processed within the JWS and JWK frameworks.
The specification primarily introduces:
OKP key type for Ed25519, Ed448, X25519, X448
JWS ``alg`` = “EdDSA”
Proper encoding and validation requirements using raw EdDSA signatures
Implementation#
joserfc includes full RFC 8037 support:
OKP key handling (Ed25519, Ed448, X25519, X448)
JWS signature creation and verification using
EdDSAJWK parsing and serialization for OKP keys
Private modules#
The source code is implemented in internal modules joserfc/_rfc8037.
Public exports#
Public classes and utilities are re-exported through joserfc.jwk.
You should always interact with joserfc.jwk module.
Example Usage#
Signing with an Ed25519 key:
from joserfc import jws
from joserfc.jwk import OKPKey
private_key = OKPKey.generate_key("Ed25519")
payload = b"hello"
protected = {"alg": "EdDSA"}
output = jws.serialize_compact(protected, payload, private_key, algorithms=["EdDSA"])
Verification:
public_key = OKPKey.import_key(private_key.as_dict(private=False))
jws.deserialize_compact(output, public_key, algorithms=["EdDSA"])
joserfc handles OKP key parsing, normalization, and EdDSA signature
validation according to RFC 8037.