You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In this JWE example, the following can be read as a comment on the payload:
The payload we want to encrypt. It MUST be a string
and indeed if the message is not a UTF-8 compatible byte sequence, an
InvalidArgumentException: The payload must be encoded in UTF-8
is thrown.
Why is there this constraint, i.e. why can't the payload be any byte sequence? In RFC7516 JWE this restriction does not seem to be specified. Other JWE implementations, such as JWCrypto allow arbitrary byte sequences.
How to reproduce
Run the linked example and use a non-UTF-8 compliant byte sequence as payload.
Possible Solution
The restriction to UTF-8 compatible byte sequences as payload should be removed. It should be possible to use any byte sequence as payload.
Additional Context
There is a similar (meanwhile fixed) bug, but in the context of signing detachd payloads: #491.
The text was updated successfully, but these errors were encountered:
Version(s) affected
3.3
Description
In this JWE example, the following can be read as a comment on the payload:
and indeed if the message is not a UTF-8 compatible byte sequence, an
is thrown.
Why is there this constraint, i.e. why can't the payload be any byte sequence? In RFC7516 JWE this restriction does not seem to be specified. Other JWE implementations, such as JWCrypto allow arbitrary byte sequences.
How to reproduce
Run the linked example and use a non-UTF-8 compliant byte sequence as payload.
Possible Solution
The restriction to UTF-8 compatible byte sequences as payload should be removed. It should be possible to use any byte sequence as payload.
Additional Context
There is a similar (meanwhile fixed) bug, but in the context of signing detachd payloads: #491.
The text was updated successfully, but these errors were encountered: