Skip to content
Latchkey

CBOR vs MessagePack: Which Binary Format?

CBOR is an IETF-standardized binary format (RFC 8949) with rich type tags; MessagePack is a compact, widely adopted binary format with broad library support.

CBOR (RFC 8949) is designed for standardization, extensibility via tags, and constrained-device use, and underpins protocols like COSE and WebAuthn. MessagePack predates it, is extremely compact, and has very broad library support across languages. CBOR wins on standardization and extensibility; MessagePack wins on adoption breadth and minimal size.

CBORMessagePack
StandardIETF RFC 8949De facto spec
ExtensibilityRich tagsExtension types
AdoptionStrong (COSE, IoT)Very broad
SizeCompactVery compact
Best forStandards, IoTBroad library support

Use case and standards

CBOR suits use cases needing an IETF standard, semantic tags, or alignment with COSE/WebAuthn and constrained IoT. MessagePack suits teams wanting the most widely available libraries and the smallest payloads without a formal standard requirement.

Ops and CI fit

Both are schema-free binary formats with library support across languages. Round-trip interop tests run in CI, where faster managed runners shorten cross-language serialization checks.

The verdict

Want an IETF standard with rich tags and IoT/security ecosystem fit: CBOR. Want the broadest libraries and minimal size: MessagePack. Standardization favors CBOR; adoption breadth favors MessagePack.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →