Open patrickmcgannon opened 1 year ago
Hi @patrickmcgannon , actually library supports little bit more than nimbus-jose-jwt
:) Ok, honestly it's cross-tested against nimbus-jose-jwt
on all algs, should be fully compatible.
A128CBC+HS256
- something long time ago deprecated or changed as you said, it's not standard alg identifier for quite some years. Library supports aliases for exactly that case, but you should enable them manually, please see here: https://github.com/dvsekhvalnov/jose-jwt#settings
Thanks for pointing out that section. That's a great feature.
I don't know if A128CBC-HS256
is totally equivalent to A128CBC+HS256
if that is what you were saying. Also, see #43 for some historical context I found. I wasn't sure if this was similar to this.
Given this:
Replaced "A128CBC+HS256" and "A256CBC+HS512" with "A128CBC-HS256"
and "A256CBC-HS512". The new algorithms perform the same
cryptographic computations as [I-D.mcgrew-aead-aes-cbc-hmac-sha2],
but with the Initialization Vector and Authentication Tag values
remaining separate from the Ciphertext value in the output
representation. Also deleted the header parameters "epu"
(encryption PartyUInfo) and "epv" (encryption PartyVInfo), since
they are no longer used.
Do you think I should try to re-implement a part of the implementation using the settings you mentioned above?
Ah, indeed it was different enc algo with different KDF function. Not an alias. You can find details here: https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-encryption-08#appendix-A.4
But really, it was deprecated 10 years ago. You seriously want it?
Hi,
I have read in a lot of issues that
jose-jwt
strives to a level of support similar to that of the Java packagenimbus-jose-jwt
.We are porting from Java to C# and I realized that the JWE token that we have always received from a partner uses
A128CBC+HS256
which is not supported by jose-jwt, as it was deprecated in lieu of the similarA128CBC-HS256
. **Here is our Java code, for reference:
I was wondering if there is either:
a. A way to workaround this limitation in jose-jwt since the algorithm isn't all that different from
A128CBC-HS256
, but obviously those differences are very low-level. b. A chance of supportingA128CBC+HS256
c. A recommendation for finding support elsewhere.Error code for issue tracking:
InvalidAlgorithmException: JWE algorithm is not supported: A128CBC+HS256
.and here is the Header for the encrypted token:
Thanks!
** From a spec regarding their differences: