A lightweight, high-performance JWT alternative leveraging CBOR serialization with multiple secure signing options.
- Multiple secure signing options (EdDSA, HMAC, Blake2b, Blake3)
- Compact binary format using CBOR
- High-performance implementation
- Post-quantum resistant signatures (Ed448)
- Customizable CBOR encoding
- Lightweight design
go get github.com/DeltaLaboratory/fwt/v2package main
import (
"time"
"github.com/DeltaLaboratory/fwt/v2"
)
func main() {
signer, err := fwt.NewSigner(fwt.NewBlake3Signer([]byte("somekeyhere")))
if err != nil {
panic(err)
}
payload := map[string]any{
"user_id": 123,
"exp": time.Now().Add(time.Hour).Unix(),
}
token, err := signer.Sign(payload)
if err != nil {
panic(err)
}
}package main
import "github.com/DeltaLaboratory/fwt/v2"
func verifyToken(token []byte) {
verifier, err := fwt.NewVerifier(fwt.NewBlake3Verifier([]byte("somekey")))
if err != nil {
panic(err)
}
var payload map[string]any
if err := verifier.VerifyAndUnmarshal(token, &payload); err != nil {
panic(err)
}
}For more example, see test code.
FWT uses a compact binary structure:
| Section | Size | Description |
|---|---|---|
| Header | 2 ~ 10 bytes (vary) | Type + Payload Size |
| Payload | Variable (CBOR) | Token Data |
| Signature | 32/64/114 bytes | Cryptographic Signature |
| Algorithm | Signature Size (bytes) |
|---|---|
| Ed25519 | 64 |
| Ed448 | 114 |
| HMACSha256 | 32 |
| HMACSha512 | 64 |
| Blake2b256 | 32 |
| Blake2b512 | 64 |
| Blake3 | 32 |
| Algorithm | Type |
|---|---|
| XChaCha20-Poly1305 | AEAD |
| AES-GCM | AEAD |
| AES-CBC | Block Cipher |
| AES-CTR | Stream Cipher |
| HPKE | Hybrid |
| AES-ECB | Block Cipher |
// Set custom encoder
fwt.SetEncoder(customEncoder)
// Set custom decoder
fwt.SetDecoder(customDecoder)This project is licensed under the MIT License - see the LICENSE file for details.