Curve is Ed25519
Every key in the directory must use the Ed25519 curve (crv).
What this check verifies
This check reads every key in the directory and confirms each one has crv set to Ed25519. If any key uses a different curve, or omits crv, the check fails.
For an OKP key, the crv member names the Edwards curve. Web Bot Auth signs with Ed25519, so the directory key must declare that curve:
{ "kty": "OKP", "crv": "Ed25519", "x": "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo", "kid": "..." }
This is one of three structural per-key checks, alongside the key type and the public key length. It aggregates across all keys: one wrong curve fails it.
Why it matters
The curve fixes the signature algorithm. Web Bot Auth uses Ed25519 keys to produce and verify signatures, so a verifier reads crv to know it is dealing with an Ed25519 key. A different curve such as Ed448, or another OKP curve like X25519 (which is for key agreement, not signing), cannot verify a Web Bot Auth signature. A missing crv leaves the verifier unable to interpret the key at all.
Because this breaks the cryptographic usability of the key, it makes the directory invalid. The verdict is INVALID rather than a lower grade.
A note on a related mistake: X25519 shares the OKP key type with Ed25519 but is a Diffie-Hellman key, not a signing key. Publishing it would pass the key-type check and fail here.
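The per-key check and its aggregation can be sketched as follows. This is an added example, not the checker's own code: the function names, the kid values and the placeholder x values are constructed, and treating crv as an exact, case-sensitive match is an assumption based on JWK string values being case-sensitive.

```python
import json

REQUIRED_CRV = "Ed25519"  # exact, case-sensitive match is this sketch's assumption

def crv_problem(key):
    """Return None when the key declares Ed25519, otherwise a reason string."""
    if "crv" not in key:
        return "crv is missing"
    crv = key["crv"]
    if crv == REQUIRED_CRV:
        return None
    if crv == "X25519":
        return "crv is X25519, a key-agreement curve, not a signing curve"
    return f"crv is {crv!r}, expected {REQUIRED_CRV!r}"

def check_curves(jwks_text):
    """Aggregate over every key: a single wrong or missing crv fails the check."""
    failures = []
    for index, key in enumerate(json.loads(jwks_text)["keys"]):
        reason = crv_problem(key)
        if reason is not None:
            failures.append((key.get("kid", f"key #{index}"), reason))
    return (not failures, failures)

# Constructed directory: only the first key's x value comes from the page;
# every kid and the other x values are placeholders.
SAMPLE_DIRECTORY = """
{"keys": [
  {"kty": "OKP", "crv": "Ed25519", "kid": "constructed-good",
   "x": "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"},
  {"kty": "OKP", "crv": "X25519", "kid": "constructed-x25519", "x": "PLACEHOLDER"},
  {"kty": "OKP", "kid": "constructed-no-crv", "x": "PLACEHOLDER"},
  {"kty": "OKP", "crv": "ed25519", "kid": "constructed-lowercase", "x": "PLACEHOLDER"}
]}
"""

if __name__ == "__main__":
    passed, failures = check_curves(SAMPLE_DIRECTORY)
    print("check passed" if passed else "check failed")
    for kid, reason in failures:
        print(f"  {kid}: {reason}")
```

The X25519 entry has kty OKP, so it would pass a key-type check and is caught only here.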
How to fix it
Set crv to Ed25519 on every key:
{ "kty": "OKP", "crv": "Ed25519", "x": "...", "kid": "..." }
The common cause is generating the key on the wrong curve, or exporting a key meant for key exchange (X25519) instead of signing. Generate an Ed25519 keypair and export the public JWK, which will carry crv: "Ed25519". In a multi-key set, find the key with the wrong curve and replace it.
References
- RFC 8037 defines the OKP key type, the crv member, and Ed25519.
- RFC 7517 defines the JSON Web Key format.
- How grading works explains why a wrong curve makes the directory invalid.
How the checker scores this
- Tier: JWKS directory
- Role: Authoritative. Failing this can lower the grade ceiling or change the verdict.
- Verdict effect: Failing makes the verdict INVALID.
- Point deduction: A failure deducts 25 points; a warning deducts 6.