Back to Overview

What is CBOR?

Blog-Post-Author

Vincent

Created: May 3, 2024

Updated: September 10, 2024

What is CBOR (Concise Binary Object Representation)?#

Concise Binary Object Representation (CBOR) is a data format that aims to provide the benefits of JSON but in a more compact and efficient binary form. Defined in RFC 8949, CBOR's design supports extremely small code sizes, small message sizes, and easy extensibility without version negotiation.

Slack Icon

Become part of our Passkeys Community for updates and support.

Join

CBOR Object Signing and Encryption (COSE) algorithms are used to generate passkeys. The type of algorithm is stored within the attestation-object of a passkey operation:

Passkeys are generated with COSE Algorithms, indicating the used algorithm in the algorithm-attribute of the parsedCredentialPublicKey

  • CBOR: A binary data format that enhances JSON's model with compact, efficient data encoding.
  • Designed for fast processing and small message sizes, ideal for the Internet of Things (IoT).
  • Supports extensibility with tags for evolving data needs without strict schema requirements.
CBOR Concise Binary Object Representation (CBOR) is a data format based on JSON, providing a more compact and efficient form.

Understanding CBOR and Its Design#

CBOR builds on the JSON data model, encompassing types such as numbers, strings, arrays, and maps, adding more like bytes for binary data not efficiently handled by JSON. Here’s how CBOR refines data interchange:

Schema-Free Interchange#

Like JSON, CBOR allows for effective data interchange without rigid schema enforcement, facilitating flexible development and rapid evolution at both ends of a communication channel.

Binary Data Handling#

Unlike JSON, which requires encoding for binary data (typically in base64), CBOR embraces binary natively, simplifying the representation of binary data like encryption keys or sensor readings.

Substack Icon

Subscribe to our Passkeys Substack for the latest news, insights and strategies.

Subscribe

Efficient and Compact#

CBOR's binary nature ensures data is not only more concise but also processed faster than textual formats, crucial for performance-critical applications like those in IoT.

Stability and Extensibility#

As a stable Internet Standard, CBOR is designed to remain relevant and supportive of new technologies for decades. It supports extensibility through tags that allow for additional data types without altering the core specifications.

Practical Applications of CBOR#

  • Internet of Things (IoT): CBOR is particularly advantageous for IoT devices, which benefit from its low overhead and efficient data encoding.
  • Inter-device Communication: CBOR facilitates compact and quick data exchange between devices in constrained environments.
  • Data Security: CBOR Object Signing and Encryption (COSE) provides robust security mechanisms, crucial for secure, authenticated, and private data exchange.
Debugger Icon

Want to experiment with passkey flows? Try our Passkeys Debugger.

Try for Free

CBOR FAQs#

How does CBOR differ from JSON?#

CBOR is a binary format that reduces the size and increases the speed of data interchange, unlike JSON's text-based format which is more verbose and slower to process.

Is CBOR compatible with JSON?#

Yes, CBOR is based on the JSON data model and can represent all JSON data types, plus additional binary types, making it broadly compatible yet more efficient.

Ben Gould Testimonial

Ben Gould

Head of Engineering

I’ve built hundreds of integrations in my time, including quite a few with identity providers and I’ve never been so impressed with a developer experience as I have been with Corbado.

3,000+ devs trust Corbado & make the Internet safer with passkeys. Got questions? We’ve written 150+ blog posts on passkeys.

Join Passkeys Community

How secure is CBOR?#

CBOR itself focuses on data representation. Security can be implemented on top of CBOR using COSE, which adds signing, encryption, and message authentication.

Can CBOR be extended for specific needs?#

Absolutely. CBOR's tagging system allows it to adapt to future requirements and incorporate new data types without disrupting existing implementations.

What is needed to implement CBOR in an application?#

Implementing CBOR requires a CBOR parser and generator. Many programming languages have libraries available that support CBOR, facilitating easy integration into existing systems.

Share this article

LinkedInTwitterFacebook

Enjoyed this read?

🤝 Join our Passkeys Community

Share passkeys implementation tips and get support to free the world from passwords.

Join for free

🚀 Subscribe to Substack

Get the latest news, strategies, and insights about passkeys sent straight to your inbox.

Subscribe for free

We provide UI components, SDKs and guides to help you add passkeys to your app in <1 hour

Start for free

Related Terms

Related Articles

passkeys-cheat-sheet
Passkeys Implementation

Passkeys Cheat Sheet for Developers

Lukas R. - March 6, 2024

passkey tutorial how to implement passkeys
Passkeys Implementation

Passkey Tutorial: How to Implement Passkeys in Web Apps

Vincent - December 7, 2023

invisible mfa
Passkeys Strategy

How Invisible MFA with Passkeys Solves the MFA Problem

Vincent - January 18, 2024

psd2 passkeys
Passkeys Strategy

PSD2 Passkeys: Phishing-Resistant PSD2-Compliant MFA

Vincent - February 7, 2023