Is it possible to sign JWT with PGP key

I couldn't find an information about in in Google. We are generating PGP key pairs using Bouncy Castle library and implementing our own "web of trust". I wonder if it is possible to use these keys for JWT also, or I need to use a PKI X509 certificates? Thanks

Solution

The signature and encryption algorithms officially supported are listed here. No signature or encryption algorithm using PGP is listed.

But nothing prevent you from implementing a new signature/encryption algorithm used by your server and clients. AFAIK, there is no implementation at the moment that uses GPG.

From my point of view, you have to create a new key type (e.g. JWK with kty=PGP) and new alg (e.g. alg=PGP).

Get email claim from identity after upgrading to .NET 8 not working
How to decode jwt token in POSTMAN?
Is setting Roles in JWT a best practice?
AWS cognito: What's the difference between Access and Identity tokens?
Generating JWT token with JwtUtil class in Spring Boot resulting in NullPointerException
Receiving attempted import error for JWT in Next.js
How do I solve audience (aud) invalid claim error for downstream api service?
Header sent error express.js with cookie-parser
[NestJs]: JwtModule.register() not working
Does Azure's EntraID support dynamic custom claims?
Token handler unable to convert the token to jwt token
JWT: to sign the claims with public key or private key, which way to go?
Testing API with ninja_jwt
User's password update via WordPress REST API
Encryption with public key in Jose-JWT
Web api core returns 404 when adding Authorize attribute
How to change the response messages in Tymon JWT package laravel
Trouble setting cookies in Express backend for Next.js frontend use
Illegal base64url character: ' ' when getting claims/decode from token Java JWT Spring Boot
ServiceStack JWT Refresh token uses Session identifier when used with OAuth AuthProvider
JWT token claims in Django Rest Framework
How do I make JWT read "\n" as a new line instead of a literal in a container on EC2?
Verify JWT Signature in IBM Datapower Gatewayscript
Dynamically change database connection depending on jwt claim
Jwt priority HttpOnly Cookie versus Authorisation bearer
Using Box with JWT (Server Authentication)
If I set AccessToken and RefreshToken both (JWT) as cookies by server, They both automatically will be sent to server in each request from client
Tymon\JWTAuth::toUser error: A token is required
Cannot read properties of undefined (reading 'isAuth') in React and GraphQL application
next-auth: Updating session.user values after form submission without relogin in Next.js project