Skip to content

Add EdDSA support to NimbusJwtEncoder#19175

Draft
therepanic wants to merge 3 commits into
spring-projects:mainfrom
therepanic:gh-17098
Draft

Add EdDSA support to NimbusJwtEncoder#19175
therepanic wants to merge 3 commits into
spring-projects:mainfrom
therepanic:gh-17098

Conversation

@therepanic
Copy link
Copy Markdown
Contributor

@therepanic therepanic commented May 13, 2026
edited
Loading

NimbusJwtEncoder did not support EdDSA family algorithms. This commit adds support for signing JWTs with EdDSA keys.

Closes: gh-17098

Note: This is still a WIP and tests are still failing.

@therepanic
Add EdDSA support to NimbusJwtEncoder
7968409 
NimbusJwtEncoder did not support EdDSA family algorithms. This commit
adds support for signing JWTs with EdDSA keys.

Closes: spring-projectsgh-17098

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label May 13, 2026
therepanic
therepanic commented May 13, 2026
View reviewed changes
Comment thread ...uth2-jose/src/main/java/org/springframework/security/oauth2/jose/jws/SignatureAlgorithm.java Outdated
Comment on lines +89 to +92
/**
* EdDSA signature algorithms using Ed448 curve (optional).
*/
ED448(JwsAlgorithms.ED448),
Copy link
Copy Markdown
Contributor Author

@therepanic therepanic May 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should support this too.

Copy link
Copy Markdown
Contributor

@gbaso gbaso May 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A small note: ED448 should be listed after ED25519, as the latter is based on the prime 2^255 - 19 and offers ~128 bits of security (similar to PS256), while the former is based on the larger prime 2^448 - 2^224 - 1, and offers ~224 bits of security (between PS384 and PS512).

I think listing ED448 before ED25519 could give the wrong impression that it is cryptographically weaker.

Copy link
Copy Markdown
Contributor Author

@therepanic therepanic May 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, that is a very good point. Exactly the same thing is done in com.nimbusds.jose.JWSAlgorithm.

@therepanic
Copy link
Copy Markdown
Contributor Author

therepanic commented May 13, 2026
edited
Loading

An interesting observation: Nimbus uses com.google.crypto.tink for EdDSA. I wonder how much of a barrier this is for us. @jgrandja WDYT? Because this is the reason why, in fact, the tests are falling for now.

therepanic added 2 commits May 14, 2026 00:16
@therepanic
Make checkstyle pass
34c16a4 
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
@therepanic
Correct EdDSA algorithm ordering
9372ba4 
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gbaso gbaso gbaso left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

status: waiting-for-triage An issue we've not yet triaged

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

NimbusJwtEncoder does not support Edwards Curve signature (EdDSA) family algorithms.

3 participants

@therepanic @gbaso @spring-projects-issues