Skip to content

coderpatros/dotnet-jsf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
.github/workflows
.github/workflows
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
Directory.Build.props
Directory.Build.props
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
dotnet-jsf.slnx
dotnet-jsf.slnx
 
 

Repository files navigation

JSON Signature Format CLI tool, web tool, API server, and Library for .NET

A .NET implementation of JSON Signature Format (JSF) — a scheme for signing JSON data with enveloped signatures.

JSF embeds cryptographic signatures directly within JSON objects, using JSON Canonicalization Scheme (RFC 8785) to produce deterministic representations for signing and verification. Unlike JWS/JWT where signatures are separate from the data, JSF keeps signature and payload together in a single JSON structure.

Features

  • Single signatures, multi-signatures (independent signers), and signature chains (sequential)
  • 15 algorithms via JWA identifiers: ECDSA (ES256/384/512), RSA PKCS#1 v1.5 (RS256/384/512), RSA-PSS (PS256/384/512), EdDSA (Ed25519/Ed448), HMAC (HS256/384/512)
  • Embedded JWK public keys for self-contained verification
  • Property exclusions and custom extensions
  • Non-mutating — all operations return new documents
  • Accepts both JsonObject and string inputs
  • Custom algorithm registry for extensibility

Requirements

  • .NET 8.0+

Projects

Project Description Details
CoderPatros.Jsf .NET library for signing and verifying JSON documents Library README
CoderPatros.Jsf.Cli Command-line tool for key generation, signing, and verification CLI README
CoderPatros.Jsf.Api REST API for key generation, signing, and verification API README
CoderPatros.Jsf.Web Browser-based tool for key generation, signing, and verification Web README

Quick start — Library

Install the NuGet package:

dotnet add package CoderPatros.Jsf

Sign and verify a document:

using System.Security.Cryptography;
using System.Text.Json.Nodes;
using CoderPatros.Jsf;
using CoderPatros.Jsf.Keys;
using CoderPatros.Jsf.Models;

var service = new JsfSignatureService();

// Create a key pair
using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
var signingKey = SigningKey.FromECDsa(ecdsa);
var verificationKey = VerificationKey.FromECDsa(ecdsa);

// Sign
var document = new JsonObject { ["message"] = "hello" };
var signed = service.Sign(document, new SignatureOptions
{
    Algorithm = JsfAlgorithm.ES256,
    Key = signingKey
});

// Verify
var result = service.Verify(signed, new VerificationOptions
{
    Key = verificationKey
});
Console.WriteLine(result.IsValid); // true

See the Library README for the full API reference, multi-signature support, signature chains, key management, custom algorithms, and more.

Quick start — CLI

Download the latest binary from the Releases page, or build from source:

dotnet build src/CoderPatros.Jsf.Cli

Generate keys, sign, and verify:

# Generate an ECDSA key pair
jsf generate-key -a ES256

# Sign a document
jsf sign -k ES256-private.jwk -a ES256 -i document.json > signed.json

# Verify the signature
jsf verify -k ES256-public.jwk -i signed.json
# Output: Valid

The CLI also supports stdin/stdout piping, embedded public keys, key identifiers, and algorithm whitelisting. See the CLI README for the full command reference.

Quick start — API

Run the API server with Docker:

docker run --rm -p 8080:8080 coderpatros/jsf-api

Or from source:

dotnet run --project src/CoderPatros.Jsf.Api

Generate keys, sign, and verify with curl:

# Generate an ECDSA key pair
curl -s -X POST http://localhost:5000/api/keys/generate \
  -H "Content-Type: application/json" \
  -d '{"algorithm":"ES256"}'

# Sign a document
curl -s -X POST http://localhost:5000/api/sign \
  -H "Content-Type: application/json" \
  -d '{"document":{"message":"hello"},"algorithm":"ES256","key":{...}}'

# Verify the signature
curl -s -X POST http://localhost:5000/api/verify \
  -H "Content-Type: application/json" \
  -d '{"document":{...},"key":{...}}'
# Output: {"isValid":true,"error":null}

The API also supports multi-signatures and signature chains. See the API README for the full endpoint reference.

Quick start — Web

Try the web tool online at patrickdwyer.au/dotnet-jsf.

Run the web tool with Docker:

docker run --rm -p 8080:8080 coderpatros/jsf-web

Or run it locally:

dotnet run --project src/CoderPatros.Jsf.Web

Open the app in your browser to generate keys, sign documents, and verify signatures. All cryptographic operations run entirely in the browser — your keys and documents never leave your machine. See the Web README for more details.

How JSF signing works

  1. A signature object is created with the algorithm, optional public key, key ID, excludes, and extensions — but no value yet
  2. This partial signature object is attached to the document
  3. The entire document is canonicalized using JCS (RFC 8785)
  4. The canonical bytes are signed with the specified algorithm and key
  5. The base64url-encoded signature is set as the value property

Verification reverses the process: remove value, canonicalize, and verify.

Running tests

dotnet test

License

Apache-2.0

About

JSON Signature Format CLI tool, web tool, API server, and Library for .NET

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 5

Web v0.1.0 Latest
Feb 27, 2026
+ 4 releases

Sponsor this project

Packages

 
 
 

Contributors

Languages