CBOR is specified in a Standards-Track RFC. RFCs that serve as Internet Standards Documents are generated by the IETF based on an extensive technical review and quality control process. These are meant to last.

RFC 7049: CBOR

The stable reference.

Find the motivation for CBOR, the detailed specification (on 14 pages that include many examples), information on transcoding from and to JSON, and appendices with test vectors and readily usable code.


IANA registry

CBOR has been designed to be extensible by enabling third parties to define Tags. Immediately after CBOR was published, extensions started to be documented. Those that are completed are collected in an IANA registry to ensure specifications are available and that they don't stumble over each other.

Find pointers to what other people are also doing with CBOR, and extension specifications that might save you some work.



Unfortunately, even in the age of comprehensive continuous integration, we make silly mistakes. However, RFCs never change. Just in case silly mistakes irk you as much as us, two editorial mistakes that have been found so far are corrected in an updated copy of RFC 7049.

RFC 8152: COSE

Binary-enabled serialization is useful for cryptography. CBOR Object Signing and Encryption (COSE) provides a standard way to exchange authenticated, integrity-protected, and confidentiality-protected objects using CBOR.


RFC 8392: CWT

Based on COSE, the CBOR Web Token (CWT) is for CBOR what the JSON Web Token (JWT) is for JSON: A compact means of representing claims to be securely conveyed between two parties.


RFC 8610: CDDL

The Concise Data Definition Language (CDDL) provides a machine-processable notation to express CBOR (and JSON) data structures. This is used in specifications and other design documents for describing the structures that one party is meant to send to another, enabling informed discussion, input validation, and even code generation.
