You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 3, 2024. It is now read-only.
I'm having problems interoperating with other libraries when validating the authentication tag. More specifically, if a JWE is generated including no additional authenticated data, the library will unconditionally add the JWE header to it in JWE::calculateAuthenticationTagCBC(). This code affects mainly the generation of JWE tokens themselves. When decrypting JWE tokens generated with other libraries, the JWT class will add the header to $jwe->auth_data in JWT::decode().
AFAICS, there's nothing in the drafts saying that the header should be always included in the additional authenticated data, and if it was the case, then it should be the user the one setting it before calling JWE::decrypt(). At least when the AAD is not mandated to be in some way in the standard (like with AES_GCM), I think the library should be completely agnostic, and handling of auth data is out of its scope.
Thanks in advance!
The text was updated successfully, but these errors were encountered:
Which library allows you to specify JWE AAD in JWE compact serialization format?
In compact serialization, all JWE header should be JWE Protected Header, thus all header should be integrity protected.
You are absolutely right, I was looking into the wrong specs (mainly JWA), and I've seen now that the JOSE header equals the JWE protected header in case of compact serialization, so in that case the header should indeed be included in the computation of the authentication tag. My problem then is that the library I'm using to generate JWE tokens is ignoring that part of the RFC, so the authentication tag does not include the header. I've already notified them of the problem 😃
Hi!
I'm having problems interoperating with other libraries when validating the authentication tag. More specifically, if a JWE is generated including no additional authenticated data, the library will unconditionally add the JWE header to it in
JWE::calculateAuthenticationTagCBC()
. This code affects mainly the generation of JWE tokens themselves. When decrypting JWE tokens generated with other libraries, the JWT class will add the header to$jwe->auth_data
inJWT::decode()
.AFAICS, there's nothing in the drafts saying that the header should be always included in the additional authenticated data, and if it was the case, then it should be the user the one setting it before calling
JWE::decrypt()
. At least when the AAD is not mandated to be in some way in the standard (like with AES_GCM), I think the library should be completely agnostic, and handling of auth data is out of its scope.Thanks in advance!
The text was updated successfully, but these errors were encountered: