Comments (2)
nov
commented on July 26, 2024
Which library allows you to specify JWE AAD in JWE compact serialization format?
In compact serialization, all JWE header should be JWE Protected Header, thus all header should be integrity protected.
from jose-php.
jaimeperez
commented on July 26, 2024
Hi Nov, and thanks for the prompt response!
You are absolutely right, I was looking into the wrong specs (mainly JWA), and I've seen now that the JOSE header equals the JWE protected header in case of compact serialization, so in that case the header should indeed be included in the computation of the authentication tag. My problem then is that the library I'm using to generate JWE tokens is ignoring that part of the RFC, so the authentication tag does not include the header. I've already notified them of the problem
from jose-php.
Related Issues (16)
- PS256/384/512 JWS test case signatures seem invalid HOT 1
- Consider removing composer.phar
- Broken phpseclib/phpseclib dependency HOT 3
- JWT Auth Guard for Laravel HOT 2
- Composer can't find gree/jose HOT 5
- Tag for PHP 5.4 HOT 1
- signature validation
- Master Key Encryption failed
- Any plans to implement claims verification and additional signature types? HOT 2
- Documentation suggestion
- JWS(Signing issue)
- Changed version phpseclib 3 HOT 9
- installation HOT 3
- It's not possible to determine $public_key_or_secret by the 'kid' header value. HOT 2
- Doesn't support draft 7+ encryption requirements (A128CBC-HS256 and A256CBC-HS512) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jose-php.