starred/pocket-id
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-06 09:13:19 +03:00
Code Issues 121 Packages Projects Releases 16 Wiki Activity

🚀 Feature: Make key type & size configurable, and support EC keys #302

New Issue
Closed
opened 2025-10-07 00:09:38 +03:00 by OVERLORD · 9 comments
OVERLORD commented 2025-10-07 00:09:38 +03:00
Owner
Copy Link

Originally created by @ItalyPaleAle on GitHub.

Feature description

Currently, pocket-id signs JWTs with RSA 2048 keys, which are not configurable. While RSA with a key size of 2048 is still acceptable until 2030 per NIST's guidelines, there are other algorithms that are considered better options.

It would be great if pocket-id allowed configuring the type (algorithm) and size of the key. For example, allowing using RSA keys with 3072 bits, or allowing elliptic curve signing algorithms including ECDSA (JWT alg ES256) or EdDSA (JWT alg EdDSA, e.g. with crv: Ed25519).

For more information, this is a good read: https://www.scottbrady.io/jose/jwts-which-signing-algorithm-should-i-use

Pitch

See above :)

Originally created by @ItalyPaleAle on GitHub. ### Feature description Currently, pocket-id signs JWTs with RSA 2048 keys, which are not configurable. While RSA with a key size of 2048 is still acceptable until 2030 [per NIST's guidelines](https://www.keylength.com/en/4/), there are other algorithms that are considered better options. It would be great if pocket-id allowed configuring the type (algorithm) and size of the key. For example, allowing using RSA keys with 3072 bits, or allowing elliptic curve signing algorithms including ECDSA (JWT alg `ES256`) or EdDSA (JWT alg `EdDSA`, e.g. with `crv: Ed25519`). For more information, this is a good read: https://www.scottbrady.io/jose/jwts-which-signing-algorithm-should-i-use ### Pitch See above :)
OVERLORD added the feature label 2025-10-07 00:09:39 +03:00
OVERLORD commented 2025-10-07 00:09:41 +03:00
Author
Owner
Copy Link

@stonith404 commented on GitHub:

Pocket ID should stay simple OIDC provider and such settings would just overcomplicate it.

As RS256 is still the most used JWT encryption algo and is still secure, I wouldn't change that.

We could increase the size of the key to 3072 though, feel free to create a PR.

@stonith404 commented on GitHub: Pocket ID should stay simple OIDC provider and such settings would just overcomplicate it. As `RS256` is still the most used JWT encryption algo and is still secure, I wouldn't change that. We could increase the size of the key to `3072` though, feel free to create a PR.
OVERLORD commented 2025-10-07 00:09:42 +03:00
Author
Owner
Copy Link

@ItalyPaleAle commented on GitHub:

Thanks, I understand your point.

May I suggest an option that would allow supporting EC without adding user-facing complexity?

Pocket ID could detect the algorithm of the private key and use the corresponding JWS algorithm. This would only impact people who update the private key manually.

There are quite significant benefits to using EC, such as much smaller signatures (so much smaller JWTs).

@ItalyPaleAle commented on GitHub: Thanks, I understand your point. May I suggest an option that would allow supporting EC without adding user-facing complexity? Pocket ID could detect the algorithm of the private key and use the corresponding JWS algorithm. This would only impact people who update the private key manually. There are quite significant benefits to using EC, such as much smaller signatures (so much smaller JWTs).
OVERLORD commented 2025-10-07 00:09:42 +03:00
Author
Owner
Copy Link

@kmendell commented on GitHub:

@stonith404 Ill have to defer to you on this one.

@kmendell commented on GitHub: @stonith404 Ill have to defer to you on this one.
OVERLORD commented 2025-10-07 00:09:43 +03:00
Author
Owner
Copy Link

@stonith404 commented on GitHub:

Thanks, I actually didn't know that.

Is EC widely supported by JWT libraries? If yes, we could just replace the RSA with ECDSA, right?

@stonith404 commented on GitHub: Thanks, I actually didn't know that. Is EC widely supported by JWT libraries? If yes, we could just replace the RSA with ECDSA, right?
OVERLORD commented 2025-10-07 00:09:43 +03:00
Author
Owner
Copy Link

@kmendell commented on GitHub:

Until stonith404 replies about his thoughts on this, i am adding the Need more upvotes label.

@kmendell commented on GitHub: Until stonith404 replies about his thoughts on this, i am adding the Need more upvotes label.
OVERLORD commented 2025-10-07 00:09:45 +03:00
Author
Owner
Copy Link

@ItalyPaleAle commented on GitHub:

@stonith404 how would you feel about me changing the format of the (private) key file to a JWK (JSON) instead of PCKS#1 (PEM)? This would allow being more flexible with different kinds of keys. It would also contain additional info such as the key ID, so it can be computed just once.

Note this is just about the format used to encode the private key on disk, using JWK (so JSON) instead of PKCS#1

It's not a strict requirement but it would make things easier when supporting other keys/algos. For example, PKCS#1 supports RSA keys only, while EC keys usually use PKCS#8 (which can also support RSA keys) or a different ASN.1 encoding (X9.62).

Upon startup, if there's a PEM file existing, we'd convert it to JWK.

@ItalyPaleAle commented on GitHub: @stonith404 how would you feel about me changing the format of the (private) key file to a JWK (JSON) instead of PCKS#1 (PEM)? This would allow being more flexible with different kinds of keys. It would also contain additional info such as the key ID, so it can be computed just once. Note this is just about the format used to encode the private key on disk, using JWK (so JSON) instead of PKCS#1 It's not a strict requirement but it would make things easier when supporting other keys/algos. For example, PKCS#1 supports RSA keys only, while EC keys usually use PKCS#8 (which can also support RSA keys) or a different ASN.1 encoding (X9.62). Upon startup, if there's a PEM file existing, we'd convert it to JWK.
OVERLORD commented 2025-10-07 00:09:45 +03:00
Author
Owner
Copy Link

@stonith404 commented on GitHub:

Okay, I see. If the changes are only small (which I believe they are), you can create a PR if you would like to.

@stonith404 commented on GitHub: Okay, I see. If the changes are only small (which I believe they are), you can create a PR if you would like to.
OVERLORD commented 2025-10-07 00:09:46 +03:00
Author
Owner
Copy Link

@ItalyPaleAle commented on GitHub:

I don't think it's as universally supported by JWT libraries. Going by what I see here: https://jwt.io/libraries some libraries only support RSA.

Solutions like Auth0 let you choose if you want RSA or ECDSA for each app (OAuth client). That may be much more complexity than you'd be willing to accept here.

@ItalyPaleAle commented on GitHub: I don't think it's as universally supported by JWT libraries. Going by what I see here: https://jwt.io/libraries some libraries only support RSA. Solutions like Auth0 let you choose if you want RSA or ECDSA for each app (OAuth client). That may be much more complexity than you'd be willing to accept here.
OVERLORD commented 2025-10-07 00:09:47 +03:00
Author
Owner
Copy Link

@stonith404 commented on GitHub:

@ItalyPaleAle Yes, this would make sense.

@stonith404 commented on GitHub: @ItalyPaleAle Yes, this would make sense.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
breaking
bug
documentation
feature
needs more upvotes
open to pull requests
pull-request
Mirrored from GitHub Pull Request
No Label feature
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pocket-id#302
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?