Use HMAC instead of AES encryption for Proof of Patience?

[dlongley]

We encrypt the proof-of-patience token here using AES:

https://github.com/digitalbazaar/authorization.io/blob/master/lib/proofs.js#L94-L100

Can we just use an HMAC instead? Does the data need to be hidden or do we just need to assert it hasn't been changed?

[dlongley]

Fixed in b2450e33951aa53be3628bb5ceeec0f1e0c63693.