Why I built a post-quantum signing API (and why JWT is on borrowed time)

JWT with RS256/ES256 is everywhere. It's also going to be broken.

Not today. But the clock is ticking — and the timeline is shorter than most developers think.

The problem with classical signatures

Every JWT signed with RS256 or ES256 relies on RSA or ECDSA. These algorithms are vulnerable to Shor's algorithm running on a sufficiently powerful quantum computer. NIST finalized the post-quantum replacements in August 2024 — but most developers haven't started migrating yet.

The threat isn't just future decryption. Nation-state actors are already harvesting signed traffic today to decrypt and forge once quantum computers arrive. "Harvest now, decrypt later" is a real attack pattern.

Why I built a post-quantum signing API (and why JWT is on borrowed time)

Other newsrooms on this story

Related reading

Post Quantum Cryptography Just Got a Lot More Urgent

The End Of The Secret String: Why Cybersecurity Must Move From Hidden Keys To…

Post-quantum encryption for secure data architectures - SiliconANGLE

Google bumps up Q Day deadline to 2029, far sooner than previously thought

Draft executive order would set deadlines for digital signature and key quantum…

The Quantum Threat to Bitcoin Dividing Crypto - Decrypt