EdDSA (Ed25519) JWT verification on Spring Boot 4 resource servers — the missing pieces I had to stitch together.

https://aliyesha.com/sub/articles/programming/display/pr_jwt_eddsa_spring_boot_4_resource_server_support

#Spring #SpringSecurity #SpringBoot #SpringBoot4 #Java #EdDSA #Ed25519 #Security

Enjoy tracker-free reading with us. #privacy #privacymatters

How to enable EdDSA/Ed25519 JWT verification on Spring Boot 4 resource servers by surgically patching Spring Security's three integration gaps using Boot 4's JwkSetUriJwtDecoderBuilderCustomizer hook.

Aliyesha

Use EdDSA signatures to validate tokens in ASP.NET Core using OpenID Connect

Some identity providers use the EdDSA / ED25519 algorithm to sign and issue tokens. This post shows how to validate the tokens using the NuGet package from ScottBrady and ASP.NET Core. Using the de…

Software Engineering

🍾 I released the corresponding #Java bindings for #WinSparkle 0.9.0. WinSparkle now supports #EdDSA #signatures! This is a long-awaited change, as DSA signatures are considered deprecated. #Java22

https://central.sonatype.com/search?q=winsparkle-java&smo=true&namespace=org.purejava

thought it might be nice to sign #sphinx releases with #minisign and #ssh #eddsa keys, straight outta sphinx. minisign #privkeys are okish (they do need 40 B of entropy, 8 extra for a "keyid"). but did you know, that in ssh the public key is stored 3x in the ed25519 private #key? one time i can understand (could be 0 though), but 3 times? what have they been drinking? #fileformats

do you know any service where you can use #eddsa keys with #webauthn online? do we still have to do rsa and ecdsa in 2024?

please boost maybe someone knows the answer.

#crypto #passkeys

@xtexChooser There is an article on djb how to construct #EdDSA. It may help you understand why it's that shape.
https://blog.cr.yp.to/20140323-ecdsa.html
cr.yp.to: 2014.03.23: How to design an elliptic-curve signature system

Network Security Services (#NSS) 3.99 was tagged and released on 15th March 2024.

Among others,

- Bug 1325335 - Adding #EdDSA implementation.

https://bugzilla.mozilla.org/show_bug.cgi?id=1325335

Big thanks to Anna Weine (nkulatova) for working on this!

1325335 - (hacl-eddsa) Integrate HACL* EdDSA over Curve25519

RESOLVED (nkulatova) in NSS - Libraries. Last updated 2024-03-13.

Thank you @Kovah for your detailed article. This shows what the current #SSH keys #security is. Now ALL of us just have to realize and implement this:

«Why and How: Switch from #RSA to #EdDSA / #ED25519 SSH keys»

🔏 https://blog.kovah.de/en/2019/switching-from-rsa-to-eddsa-ec25519/

Why and How: Switch from RSA to EdDSA/ED25519 SSH keys

Kevin Woblick's Blog

@todd_a_jacobs @letsencrypt To clarify, there are some 3rd party apps that are outdated or non-FOSS SMTP/IMAP clients, but nothing that really handles @GnuPG directly on either #iOS or #iPadOS. On the other hand, S/MIME is widely supported but less safe since it's not stored on a tamper-resistant and removable smart card, but at least it would integrate with Apple Mail and others.

It's the fact that getting an S/MIME certificate that is signed by a widely-used certificate authority is more costly than it's worth. I'd really prefer to use #GnuPG with either attestation credentials or an #EDDSA signing key on an external token like a #Yubikey

I can't be the only person who's wondered about this, but I can't find a lot of how-tos about this particular use case. Whether S/MIME or PGP/MIME, how are you supposed to integrate the on-token certificate? If that's a no-op because of Apple's walled garden, then where are people getting their S/MIME-specific certificates without having to ask recipients to trust self-signed keys?