Context
The v2 rewrite (#26) covers all RFC 7518 §3 JWS algorithms — HS256/384/512, RS256/384/512, PS256/384/512, ES256/384/512 — but does not implement EdDSA over the OKP key type defined in RFC 8037 (Ed25519, Ed448).
The blocker is the dependency story: System.Security.Cryptography does not yet expose first-party Ed25519 / Ed448 primitives in a way that's usable from PowerShell 7.6 / .NET 10 without bringing in BouncyCastle, and the project's "no third-party dependencies" rule rules that out.
Request
When a first-party Ed25519 / Ed448 implementation is available in the BCL, add:
- The Ed25519 and Ed448 algorithms to New-Jwt / Test-Jwt.
- The OKP key type to JwtKey, including the crv, x, and d JWK members per RFC 8037 §2.
- OKP support in ConvertTo-JwtKey, ConvertFrom-JwtKey, Get-JwtKeyThumbprint (the RFC 7638 required members for OKP are crv, kty, x).
- Curve enforcement in Resolve-JwtKey (Ed25519 → Ed25519, Ed448 → Ed448).
Out of scope until BCL support lands
- BouncyCastle-based interim implementation. The trade-off is not worth a third-party dep for the v2 timeline.
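
The OKP thumbprint and curve-enforcement items above need only SHA-256 and base64url, so they can be sketched without any Ed25519 / Ed448 primitive. This is an added example, not code from the module: the function names are hypothetical, the algorithm identifiers are the ones used in this issue, and the sample key is the public key from RFC 8037 Appendix A.

```powershell
# Added example: hypothetical helpers, not part of the module's API.
# Public key sizes in bytes for each curve (RFC 8032).
$OkpPublicKeyLength = @{ Ed25519 = 32; Ed448 = 57 }

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        1 { throw 'Invalid base64url length.' }
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Convert]::FromBase64String($s)
}

function ConvertTo-Base64Url {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-OkpThumbprint {
    param(
        [Parameter(Mandatory)][hashtable]$Jwk,
        [Parameter(Mandatory)]
        [ValidateSet('Ed25519', 'Ed448', IgnoreCase = $false)][string]$Algorithm
    )
    if ($Jwk.kty -cne 'OKP') { throw "Expected kty 'OKP', got '$($Jwk.kty)'." }
    # Curve enforcement: the requested algorithm must match the key's crv exactly.
    if ($Jwk.crv -cne $Algorithm) {
        throw "Key curve '$($Jwk.crv)' does not match algorithm '$Algorithm'."
    }
    # Reject keys whose x member is not the right size for the curve.
    [byte[]]$x = ConvertFrom-Base64Url -Value $Jwk.x
    if ($x.Length -ne $OkpPublicKeyLength[$Algorithm]) {
        throw "x is $($x.Length) bytes; $Algorithm requires $($OkpPublicKeyLength[$Algorithm])."
    }
    # RFC 7638: required members only (crv, kty, x), lexicographic order, no whitespace.
    # x is re-encoded from the decoded bytes so the hashed form is canonical.
    $json = '{"crv":"' + $Algorithm + '","kty":"OKP","x":"' + (ConvertTo-Base64Url -Bytes $x) + '"}'
    $hash = [System.Security.Cryptography.SHA256]::HashData([System.Text.Encoding]::UTF8.GetBytes($json))
    ConvertTo-Base64Url -Bytes $hash
}

# Sample input: the Ed25519 public key from RFC 8037 Appendix A.
$jwk = @{ kty = 'OKP'; crv = 'Ed25519'; x = '11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo' }
Get-OkpThumbprint -Jwk $jwk -Algorithm Ed25519
```

The private member d is never read, so the same thumbprint results whether the JWK is a public or a private key.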