-
Notifications
You must be signed in to change notification settings - Fork 34
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
jwe: Support overriding the algorithm when supplying a JWK
Now, passing a JWK (via EncryptWithJwe / JSONWebKey.MarshalJSON) will allow for ECDSA keys and for customizing the algorithm used with a particular key. Previously, the code made it impossible to supply a JWK-encoded ECDSA public key in the encryption config, as all keys passed as JSONWebKey-s were treated as RSA_OAEP keys, since utils.ParsePublicKey delegates to parseJWKPublicKey which returns the JWK itself; and hence the switch in the JWE keywrap failed to detect those as an ecdsa public key. A simpler patch here would have been to change parseJWKPublicKey to return the key contained inside the JWK directly, however, as pointed out by stefanberger, this would have broken backwards compatibility of the public API. Plus, using the algorithm encoded in the JWK allows us to more easily extend the JWE encoder to new algorithms. Risks: JWK-s containing RSA keys but with .Algorithm not set to "" (the default value) or string(jose.RSA_OLAP) will end up erroring or producing different encryptions than before. However, such keys would have failed to decrypt the contents regardless, so it should be fine to consider this a correction rather than breakage of old behavior. (Hyrum's law notwithstanding) Signed-off-by: Bojidar Marinov <bojidar.marinov.bg@gmail.com>
- Loading branch information
1 parent
c430e43
commit 4b2101a
Showing
3 changed files
with
63 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters