Support sign cookies with asymmetric algorithms

[brunomnc]

I would like to suggest implementing an asymmetric algorithm (e.g., RSA) for cookie signing in play framework, since it currently only support symmetric signing.
I'd be happy to contribute to the development as I have recently bumped into this issue while using play.

Are there existing plans to introduce such functionality? if so I'd be happy to contribute to the development

[hertg]

I had a short private discussion with @mkurz about this a few months ago, as a followup to my push for the JJWT upgrade. I might be open to assist with this (although I can't promise anything), since I have practical experience with using asymmetric algorithms for JWT using the JJWT library.

At the time of discussion, I assumed that asymmetric signatures for the cookies probably aren't a common requirement. What is your use-case? Are you intending to verify the validity of the cookie from a separate service outside of Play?