This is the documentation of the development version, check the Stable Version documentation.

RFC8037: CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE)

New in version v0.15.

Algorithms for JWS

In RFC8037, algorithm “EdDSA” is defined for JWS. Use Edwards-curve Digital Signature Algorithm (EdDSA) for signing data using “JSON Web Signature (JWS)”:

from authlib.jose import JsonWebSignature

# only allow "EdDSA" alg value
jws = JsonWebSignature(algorithms=['EdDSA'])

protected = {'alg': 'EdDSA'}
payload = b'example'

with open('ed25519-pkcs8.pem', 'rb') as f:
    secret =
jws.serialize_compact(protected, payload, secret)

Learn how to use other JWS functions at JSON Web Signature (JWS).

It can also be used in JSON Web Token (JWT):

from authlib.jose import JsonWebToken

jwt = JsonWebToken(algorithms=['EdDSA'])

with open('ed25519-pkcs8.pem', 'rb') as f:
    key =

header = {'alg': 'EdDSA'}
payload = {'iss': 'Authlib', 'sub': '123', ...}
s = jwt.encode(header, payload, key)

Algorithms for JWK

In RFC8037, algorithms “Ed25519”, “Ed448”, “X25519”, “X448” are defined for JWK. Loads and dumps Json Web Keys with:

from authlib.jose import JsonWebKey

with open('ed25519-pkcs8.pem', 'rb') as f:
    key =

# MUST use "OKP" as "kty" value
JsonWebKey.import_key(key, {'kty': 'OKP'})

Learn how to use other JWK functions at JSON Web Key (JWK).

Algorithms for JWE

“X25519”, “X448” keys are used in “epk” for ECDH-ES algorithms. Just use the X25519 and X448 key for ECDH-ES in JWE:

from authlib.jose import OKPKey
from authlib.jose import JsonWebEncryption

jwe = JsonWebEncryption()

with open('X25519.pem', 'rb') as f:
    key = OKPKey.import_key(

protected = {
    "alg": "ECDH-ES",
    "enc": "A128GCM",
    "apu": "QWxpY2U",
    "apv": "Qm9i",
jwe.serialize_compact(protected, b'hello', key)

API Reference

class authlib.jose.OKPKey(payload)

Key class of the OKP key type.

as_pem(is_private=False, password=None)

Export key into PEM format bytes.

  • is_private – export private key or public key
  • password – encrypt private key with password


classmethod import_key(raw, options=None)

Import a key from PEM or dict data.