Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

It isn't possible to encrypt binary data !? #553

Closed
user163 opened this issue Apr 10, 2024 · 2 comments · Fixed by #554
Closed

It isn't possible to encrypt binary data !? #553

user163 opened this issue Apr 10, 2024 · 2 comments · Fixed by #554
Assignees
@Spomky
Labels
bug
Milestone
3.4.1

Comments

@user163
Copy link

user163 commented Apr 10, 2024
edited

Version(s) affected

3.3

Description

In this JWE example, the following can be read as a comment on the payload:

The payload we want to encrypt. It MUST be a string

and indeed if the message is not a UTF-8 compatible byte sequence, an

InvalidArgumentException: The payload must be encoded in UTF-8

is thrown.

Why is there this constraint, i.e. why can't the payload be any byte sequence? In RFC7516 JWE this restriction does not seem to be specified. Other JWE implementations, such as JWCrypto allow arbitrary byte sequences.

How to reproduce

Run the linked example and use a non-UTF-8 compliant byte sequence as payload.

Possible Solution

The restriction to UTF-8 compatible byte sequences as payload should be removed. It should be possible to use any byte sequence as payload.

Additional Context

There is a similar (meanwhile fixed) bug, but in the context of signing detachd payloads: #491.
@Spomky
Copy link
Member

Spomky commented Apr 10, 2024

Hi,

This looks like a regression not covered by tests.
It will be fixed soon.

@Spomky Spomky self-assigned this Apr 10, 2024
@Spomky Spomky added the bug label Apr 10, 2024
@Spomky Spomky added this to the 3.4.1 milestone Apr 10, 2024
@Spomky Spomky linked a pull request Apr 10, 2024 that will close this issue
Remove UTF-8 encoding check in JWEBuilder #554
Merged
5 tasks
@Spomky Spomky closed this as completed Apr 10, 2024
@github-actions GitHub Actions
Copy link
Contributor

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 12, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@Spomky Spomky

Labels
bug
Projects
None yet
Milestone
3.4.1
Development

Successfully merging a pull request may close this issue.

Remove UTF-8 encoding check in JWEBuilder web-token/jwt-framework
2 participants
@Spomky @user163