JSON Web Signature (JWS) with Edwards-Curve Digital Signature Algorithm / Ed25519

This is an example how to create and verify a JSON Web Signature (JWS) using Edwards-curve public / private key cryptography. The payload is a simple string but can also be a JSON string or BASE64URL encoded data.

The Nimbus JOSE+JWT library supports the following EdDSA algorithms:

The example uses the key ID ("kid") parameter of the JWS header to indicate the signing key and simplify key roll-over. The exact method by which the recipient establishes the public EdDSA key candidate(s) to check the signature must be specified by the application's security protocol.

Example code:

import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.*;

// Generate a key pair with Ed25519 curve
OctetKeyPair jwk = new OctetKeyPairGenerator(Curve.Ed25519)
OctetKeyPair publicJWK = jwk.toPublicJWK();

// Create the EdDSA signer
JWSSigner signer = new Ed25519Signer(jwk);

// Creates the JWS object with payload
JWSObject jwsObject = new JWSObject(
    new JWSHeader.Builder(JWSAlgorithm.Ed25519).keyID(jwk.getKeyID()).build(),
    new Payload("We are having a crypto party!"));

// Compute the EdDSA signature

// Serialize the JWS to compact form
String s = jwsObject.serialize();

// The recipient creates a verifier with the public EdDSA key
JWSVerifier verifier = new Ed25519Verifier(publicJWK);

 // Verify the EdDSA signature
assertTrue("Ed25519 signature verified", jwsObject.verify(verifier));
assertEquals("We are having a crypto party!", jwsObject.getPayload().toString());

Support for EdDSA was introduced in Nimbus JOSE+JWT 6.0.

Note that for EdDSA you need to include the optional Tink dependency in your project. For Nimbus JOSE+JWT 6.0 that would be