jsonwebtoken icon indicating copy to clipboard operation
jsonwebtoken copied to clipboard

Published 20 hours ago verified publisher icon Keats

Add `ES256K` algorithm

Open daniel-mader opened this issue 1 year ago • 1 comments

Are you planning to add more ECDSA algorithms such as ES256K (curve secp256k1)? I looked into ring which currently only seems to support ES256 and ES384. Seems like RustCrypto/elliptic-curves would support it, but I reckon that you would not consider adding the additional k256 crate at this point.

daniel-mader avatar Jun 04 '24 08:06 daniel-mader

Not for now, there are a few PRs to change the backend already:

  1. https://github.com/Keats/jsonwebtoken/pull/377
  2. https://github.com/Keats/jsonwebtoken/pull/318

Keats avatar Jun 05 '24 13:06 Keats

@Keats is there any updates on this? looks like both PRs mentioned above are either merged or closed?

I'd love to get this implemented as it makes using the jwt-cli to debug the Bluesky / AT Protocol access tokens possible. (they use ES256K)

ThisIsMissEm avatar Nov 09 '25 06:11 ThisIsMissEm

Actually, I think I might even be able to do a PR to implement this, using the RustCrypto implementation of k265

The majority of the code looks like it'd actually be in the tests.

ThisIsMissEm avatar Nov 09 '25 07:11 ThisIsMissEm

It should be fine to add yes

Keats avatar Nov 09 '25 20:11 Keats

Okay, well, I tried but I'm probably too inexperienced to get this right: https://github.com/Keats/jsonwebtoken/compare/master...ThisIsMissEm:jsonwebtoken-rs:feat/implement-secp256k1-ES256K?expand=1

There's currently an error in the test to do with the private key being in an invalid format, this was a key that was exported from Node.js via the @atproto/crypto package, and the public key is the public key exported as jwk.

Maybe it's a starting point for someone else though?

ThisIsMissEm avatar Nov 09 '25 21:11 ThisIsMissEm