RFC 9864

RFC 9864 defines the concept of fully-specified algorithm identifiers for JOSE and COSE. Under this specification, algorithm names must uniquely and unambiguously determine all underlying cryptographic operations. As a result, ambiguous or polymorphic identifiers are considered deprecated.

Implementation

joserfc implements ONLY the JOSE-related portions of RFC 9864.

In accordance with the specification, the use of the polymorphic EdDSA algorithm identifier is deprecated. You should instead select a fully-specified algorithm:

  • Ed25519

  • Ed448

By using fully-specified identifiers, you ensure deterministic, interoperable behavior and avoid ambiguity during algorithm negotiation.

Example Usage

Signing with an Ed25519 key:

from joserfc import jws
from joserfc.jwk import OKPKey

private_key = OKPKey.generate_key("Ed25519")
payload = b"hello"
# using Ed25519 instead of EdDSA
protected = {"alg": "Ed25519"}

output = jws.serialize_compact(protected, payload, private_key, algorithms=["Ed25519"])

Verification:

public_key = OKPKey.import_key(private_key.as_dict(private=False))
jws.deserialize_compact(output, public_key, algorithms=["Ed25519"])
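
The policy described above can also be enforced before a token reaches signature verification. The following is an added example, not joserfc code: it uses only the Python standard library, checks the protected header's alg against the curve of the key it will be verified with, and does not verify the signature itself. The names check_alg_for_key, make_token and AlgPolicyError are hypothetical, and the tokens and key stubs are constructed sample input.

```python
import base64
import json

# RFC 9864 fully-specified JOSE identifiers -> the OKP curve ("crv") each one implies.
FULLY_SPECIFIED = {"Ed25519": "Ed25519", "Ed448": "Ed448"}
POLYMORPHIC = {"EdDSA"}  # deprecated: the curve is only known from the key


class AlgPolicyError(ValueError):
    """Raised when a token's alg is not acceptable for the supplied key."""


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(header: dict) -> str:
    # Constructed sample input: payload and signature segments are placeholders.
    return ".".join([b64url(json.dumps(header).encode()), b64url(b"hello"), b64url(b"sig")])


def check_alg_for_key(compact_jws: str, jwk: dict) -> str:
    """Return the header alg if it is fully specified and matches the key's curve."""
    parts = compact_jws.split(".")
    if len(parts) != 3:
        raise AlgPolicyError("not a compact JWS")
    try:
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:
        raise AlgPolicyError("unreadable protected header") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str):
        raise AlgPolicyError("missing or non-string alg")
    if alg in POLYMORPHIC:
        raise AlgPolicyError(f"{alg} is polymorphic and deprecated by RFC 9864")
    if alg not in FULLY_SPECIFIED:
        raise AlgPolicyError(f"{alg} is not on the allowlist")
    if jwk.get("kty") != "OKP" or jwk.get("crv") != FULLY_SPECIFIED[alg]:
        raise AlgPolicyError(f"alg {alg} does not match key curve {jwk.get('crv')}")
    return alg


# Constructed public-key stubs: only the fields this check reads.
ED25519_JWK = {"kty": "OKP", "crv": "Ed25519"}
ED448_JWK = {"kty": "OKP", "crv": "Ed448"}

if __name__ == "__main__":
    for alg, key in [("Ed25519", ED25519_JWK), ("EdDSA", ED25519_JWK), ("Ed25519", ED448_JWK)]:
        try:
            print(alg, key["crv"], "->", check_alg_for_key(make_token({"alg": alg}), key))
        except AlgPolicyError as exc:
            print(alg, key["crv"], "-> rejected:", exc)
```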