Open source libraries for the Bottle secure container protocol.
Bottle is a secure container protocol for cryptographic use, designed to address limitations in existing standards like JWT, COSE, and PGP.
Bottle provides a unified message structure that supports:
- Multi-recipient encryption - Encrypt a message for multiple recipients simultaneously
- Multiple digital signatures - Attach signatures from different parties to a single message
- Recursive nesting - Enable complex security arrangements like sign-then-encrypt through composable containers
- Algorithm agility - Support for traditional cryptography (RSA, ECDSA, Ed25519) and post-quantum algorithms (ML-KEM, ML-DSA)
Unlike COSE, which uses separate structures for different operations, Bottle uses a single container type that can be nested arbitrarily. This simplifies implementation while enabling sophisticated security patterns.
The companion IDCard protocol provides cryptographic identity management:
- Purpose-specific subkeys - Separate keys for signing and decryption under a single identity
- Verifiable group memberships - Cryptographically enforced access control
- Self-signed identity - IDCards are validated by their primary key
Both protocols support:
- CBOR - Compact binary encoding for efficiency
- JSON - Web-compatible encoding for browser environments
Bottle is specified in an Internet-Draft. See the bottle-id repository for the full specification.
This is a collection of open source Bottle implementations for various programming languages.
Typical use cases include:
- Secure messaging with multiple recipients
- Document exchange requiring confidentiality and authenticity
- Identity management in distributed systems
- End-to-end encrypted storage
- API authentication and authorization