Incorrect hash algorithm name used in SD-JWT

EWC-consortium / ewc-wallet-conformance-backend

This is the EWC Interoperability Test Bed (ITB) and implements the conformance towards EWC RFCs; build towards the Large Scale Pilot (LSP) usecases. The project is co-funded by the European Union.

5 stars 3 forks source link

Incorrect hash algorithm name used in SD-JWT #33

Closed astrom-b closed 2 weeks ago

astrom-b commented 2 weeks ago

The value for _sd_alg is incorrect in several places. According to the SD-JWT standard, hash algorithm names must match with those from the IANA hash algorithm registry [1]. The _sd_alg value used is SHA-256, while the correct one, according to [1] would be sha-256.

[1] https://www.iana.org/assignments/named-information/named-information.xhtml

lukasjhan commented 2 weeks ago

Yeah sha-256 is right. In fact, It's case-sensitive. see https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/523#issuecomment-2469282939

endimion commented 2 weeks ago

hey all, thanks for bringing this up... it should already have been corrected in the staging branch. Please verify and close if so. Also, @astrom-b there are a couple issues you have raised that I belive have already been adressed ... if so can you please close them so I can merge the staging to the main :)

astrom-b commented 2 weeks ago

Closing this issue since it was already fixed in staging. My bad :)