Token Envelopes With Multiple Signatures
Heya,
If you ever need to send out a token payload signed with multiple algorithms, you’re in luck. Kinda. There’s a standard for this.
The JSON Web Signature (JWS) specification, RFC 7515, has a section that covers this situation.
Alternatives include:
a newer RFC, HTTP Message Signatures
sending two complete tokens, each with the same payload but signed with a different algorithm
From RFC 7515 section 7.2.1, the General JWS JSON Serialization Syntax lets you specify one payload with many headers and signatures. From the specification, here’s an example:
{
"payload":
"eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
"signatures":[
{"protected":"eyJhbGciOiJSUzI1NiJ9",
"header":
{"kid":"2010-12-29"},
"signature":
"cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw"},
{"protected":"eyJhbGciOiJFUzI1NiJ9",
"header":
{"kid":"e9bc097a-ce51-4036-9562-d2ade882db0d"},
"signature":
"DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q"}]
}
The payload is the same, but here we have two different signatures: the former uses the RS256 algorithm, the latter ES256. The protected member holds the header parameters that are covered by the signature, whereas the header member holds header parameters that are not signed. In my opinion, the latter should be avoided.
The general syntax described above contrasts with the common compact serialization, which has the header, the payload and the signature separated by periods. The general syntax also doesn’t produce JWTs, which are limited to the compact serialization.
Why Support Multiple Signatures?
Supporting multiple signatures gives you flexibility to generate one payload and send it across multiple systems with different signature verification capabilities.
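To make the general serialization concrete, here is an added example (not from the post or from RFC 7515) that builds one payload with two signature entries, each under its own kid, and verifies whichever entry a given system holds the key for. It uses HMAC algorithms (HS256 and HS384) instead of the RS256 and ES256 of the RFC example so that it runs on the standard library alone; every key, kid and payload value is constructed for the demo, and the verifier deliberately reads alg and kid only from the protected header, never from the unsigned header member.

```python
import base64, hashlib, hmac, json

# Hypothetical HMAC-only demo: the RFC example uses RS256 and ES256, but HMAC keeps
# this stand-alone with the standard library. All keys and payloads are constructed.
ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384}

def b64url(data: bytes) -> str:
    # BASE64URL per RFC 7515 section 2: base64url with '=' padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_general(payload: dict, keys: dict) -> dict:
    """One payload, one 'signatures' entry per kid -> (alg, key). Every header
    parameter goes into 'protected' so that it is covered by the signature."""
    payload_b64 = b64url(json.dumps(payload, separators=(",", ":")).encode())
    entries = []
    for kid, (alg, key) in keys.items():
        protected_b64 = b64url(json.dumps({"alg": alg, "kid": kid}).encode())
        # JWS Signing Input = ASCII(BASE64URL(protected) || '.' || BASE64URL(payload))
        signing_input = f"{protected_b64}.{payload_b64}".encode("ascii")
        mac = hmac.new(key, signing_input, ALGS[alg]).digest()
        entries.append({"protected": protected_b64, "signature": b64url(mac)})
    return {"payload": payload_b64, "signatures": entries}

def verify_general(jws: dict, kid: str, key: bytes) -> dict:
    """Verify the entry whose *protected* header names kid and return the payload.
    The unprotected 'header' member is never read: nothing signs it."""
    for entry in jws["signatures"]:
        protected = json.loads(b64url_decode(entry["protected"]))
        if protected.get("kid") != kid:
            continue
        alg = protected.get("alg")
        if alg not in ALGS:
            raise ValueError(f"unsupported or missing alg in protected header: {alg!r}")
        signing_input = f"{entry['protected']}.{jws['payload']}".encode("ascii")
        expected = hmac.new(key, signing_input, ALGS[alg]).digest()
        if not hmac.compare_digest(expected, b64url_decode(entry["signature"])):
            raise ValueError("signature mismatch")
        return json.loads(b64url_decode(jws["payload"]))
    raise ValueError(f"no signature entry for kid {kid!r}")

def verifies(jws: dict, kid: str, key: bytes) -> bool:
    # Boolean form for callers that prefer a result over an exception
    try:
        verify_general(jws, kid, key)
        return True
    except ValueError:
        return False
```

Because every entry signs the same payload bytes, changing the payload invalidates all signatures at once, while anything planted in an unprotected header member has no effect on verification.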