JSON to CBOR Converter

Encode JSON to compact CBOR binary and see the hex dump and byte savings.

Free JSON to CBOR encoder. Paste JSON and get RFC 8949 CBOR as hex and base64, with a byte-size comparison. Ideal for WebAuthn, CoAP and IoT payloads. 100% client-side — nothing is uploaded. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

What is CBOR used for?

CBOR (RFC 8949) is a compact binary encoding of the JSON data model. It is used in WebAuthn/FIDO2, COSE, CoAP and many IoT and embedded protocols where small, fast-to-parse payloads are important.

CBOR (Concise Binary Object Representation) is a binary serialization format defined by RFC 8949 that encodes the same data model as JSON in far fewer bytes. It is the wire format for WebAuthn credential payloads, COSE signed messages, CoAP and a wide range of IoT protocols. This tool takes ordinary JSON and produces the equivalent CBOR as a hex dump and base64 string, so you can build and inspect those payloads by hand.

How it works

Every CBOR item starts with a head byte whose top 3 bits encode the major type and whose low 5 bits encode the additional information:

  • Integers (major types 0 and 1) are written with the smallest head that fits the value — inline for 0–23, then 1, 2, 4 or 8 following bytes.
  • Text strings (major type 3) are UTF-8 encoded with a length prefix.
  • Arrays (major type 4) and maps (major type 5) write their element count, then each item — recursively.
  • true, false and null are the single bytes 0xf5, 0xf4 and 0xf6, and non-integer numbers are written as an IEEE 754 double after the 0xfb head byte.

The encoder walks your parsed JSON value following exactly these rules, producing definite-length output that any conformant CBOR decoder can read back.

CBOR major type quick reference

Major typeBits 7–5What it encodes
0000Unsigned integer
1001Negative integer
2010Byte string
3011Text string (UTF-8)
4100Array
5101Map (object)
6110Tagged item
7111Float and simple values (true/false/null)

JSON only uses types 0, 1, 3, 4, 5, and the float/simple type — which is why this tool can fully round-trip any JSON value.

Example

The JSON {"a":1,"b":[2,3]} encodes to the hex a2 61 61 01 61 62 82 02 03:

a2          map of 2 pairs
61 61       text "a"
01          unsigned int 1
61 62       text "b"
82 02 03    array [2, 3]

That is 9 CBOR bytes versus 17 bytes of JSON text. The tool reports this comparison for any input so you can see the savings, and everything runs locally in your browser.

Where you encounter CBOR in practice

WebAuthn / FIDO2 — browser attestation objects, client data, and authenticator data are all CBOR-encoded. When debugging passkey or hardware key flows, being able to decode CBOR hex to readable JSON is essential.

COSE — the CBOR Object Signing and Encryption standard (RFC 8152) wraps JWS/JWE-equivalent signing and encryption in CBOR. It is used in FIDO2, IoT device attestation, and secure supply-chain formats.

CoAP — the Constrained Application Protocol (RFC 7252) is HTTP for microcontrollers and IoT devices. CoAP payloads are commonly CBOR because embedded devices cannot afford JSON parsing overhead.

IPFS / DAG-CBOR — the IPFS distributed file system uses a CBOR variant called DAG-CBOR for content-addressed data blocks.