turbomcp-dpop
| Crates.io | turbomcp-dpop |
| lib.rs | turbomcp-dpop |
| version | 3.0.0-beta.3 |
| created_at | 2025-08-28 01:19:44.313201+00 |
| updated_at | 2026-01-22 16:44:50.888966+00 |
| description | DPoP (RFC 9449) implementation for TurboMCP with HSM support |
| homepage | https://turbomcp.org |
| repository | https://github.com/Epistates/turbomcp |
| max_upload_size | |
| id | 1813435 |
| size | 307,284 |
Nick Paterno (nicholasjpaterno)
documentation
https://docs.rs/turbomcp-dpop
README
TurboMCP DPoP
RFC 9449 compliant DPoP (Demonstrating Proof-of-Possession) implementation for OAuth 2.0.
Features
- RFC 9449 Compliance - Full specification implementation
- Cryptographic Security - ES256 (ECDSA P-256) only for maximum security
- Token Binding - Prevents stolen token usage
- Replay Protection - Nonce tracking and timestamp validation
- HSM Support - PKCS#11 and YubiHSM integration
- Redis Storage - Distributed nonce tracking
Algorithm Choice: ES256 Only
TurboMCP DPoP exclusively supports ES256 (ECDSA P-256) as of v2.2.0+. This is an intentional security decision, not a limitation.
Why ES256 Only?
| Criterion | ES256 (ECDSA P-256) | RSA (RS256/PS256) |
|---|---|---|
| Security | Timing-attack resistant | Vulnerable (RUSTSEC-2023-0071) |
| Key Size | 256 bits | 2048-4096 bits |
| Signature Size | 64 bytes | 256-512 bytes |
| Performance | Faster signing/verification | Slower operations |
| 2026 Compliance | Recommended by NIST | Being phased out |
Security Advisory
RSA algorithm support was removed due to RUSTSEC-2023-0071, which affects the rsa crate's PKCS#1 v1.5 padding implementation. The vulnerability allows timing side-channel attacks that can leak private key information.
Q1 2026 Best Practices recommend:
- ES256 (P-256) for new implementations
- ES384 (P-384) for higher security requirements
- Avoiding RSA for new DPoP/JWT signing implementations
Migration from RSA
If you're migrating from an RSA-based DPoP implementation:
- Generate new ES256 keys: Existing RSA keys cannot be converted
- Update client configurations: Point to new JWKS endpoint
- Rotate during maintenance window: Old tokens remain valid until expiry
- Update JWKS endpoints: Serve only ES256 public keys
use turbomcp_dpop::DpopKeyPair;
// Generate new ES256 key pair
let key_pair = DpopKeyPair::generate()?;
// Export public key for JWKS
let jwk = key_pair.public_jwk();
References
- RFC 9449: DPoP
- RUSTSEC-2023-0071
- NIST SP 800-186: Recommendations for Discrete Logarithm-based Cryptography
Usage
[dependencies]
turbomcp-dpop = "3.0.0-exp"
# With Redis storage
turbomcp-dpop = { version = "3.0.0-exp", features = ["redis-storage"] }
# With HSM support
turbomcp-dpop = { version = "3.0.0-exp", features = ["hsm"] }
Feature Flags
default- Core DPoP functionalityredis-storage- Redis backend for nonce trackinghsm-pkcs11- PKCS#11 HSM supporthsm-yubico- YubiHSM supporthsm- All HSM backendstest-utils- Test utilities
License
MIT