dyne / Zenroom

Embedded no-code VM executing human-like language to manipulate data and process cryptographic operations.
https://dev.zenroom.org
GNU Affero General Public License v3.0

Encoding for JWT during import #778

Open albertolerda opened 11 months ago

albertolerda commented 11 months ago

Currently, a JWT is represented as a dictionary:

{
    header: { ... },
    payload: { ... },
    signature:  ... 
}

To sign a JSON we have to encode it, which is generally not deterministic (for an import from the outside). Inside Zencode it is fine to keep it as a dictionary (because the encoding is deterministic); the problem is with the SD-JWT.

From the outside, the user can decide whether to use SD-JWT (which is encoded) or signed selective disclosure.

For the inside, the JWT is an or: either the previous or

{
    header: "base64",
    payload: "base64",
    signature: ...
}

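The following is an added example, not code from Zenroom or from this issue. It shows why the two representations above behave differently on import: a signature made over an outside issuer's JSON bytes verifies against the kept base64 strings but not against a re-encoded dictionary. HS256, the key, the sample token and all function names are assumptions constructed for the illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64url(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def external_issue() -> str:
    """Constructed token from an outside issuer whose JSON encoder emits
    spaces and a key order that differ from our own canonical encoding."""
    header = b'{"typ": "JWT", "alg": "HS256"}'
    payload = b'{"sub": "alice", "iat": 1700000000}'
    signing_input = b64url(header) + "." + b64url(payload)
    return signing_input + "." + sign(signing_input)

def import_as_dict(token: str) -> dict:
    """First form in the issue: header and payload decoded to dictionaries."""
    h, p, s = token.split(".")
    return {"header": json.loads(b64url_decode(h)),
            "payload": json.loads(b64url_decode(p)), "signature": s}

def import_as_encoded(token: str) -> dict:
    """Second form in the issue: header and payload kept as base64 strings."""
    h, p, s = token.split(".")
    return {"header": h, "payload": p, "signature": s}

def canonical(obj: dict) -> str:
    # Deterministic local encoding (sorted keys, no whitespace); an assumption
    # standing in for whatever encoding the importing side uses internally.
    return b64url(json.dumps(obj, sort_keys=True, separators=(",", ":")).encode())

def verify_dict(jwt: dict) -> bool:
    # Re-encodes the dictionaries, so the bytes differ from what was signed.
    signing_input = canonical(jwt["header"]) + "." + canonical(jwt["payload"])
    return hmac.compare_digest(sign(signing_input), jwt["signature"])

def verify_encoded(jwt: dict) -> bool:
    # Uses the exact segments the issuer signed.
    signing_input = jwt["header"] + "." + jwt["payload"]
    return hmac.compare_digest(sign(signing_input), jwt["signature"])
```

Both imports carry the same claims once decoded; only the encoded form preserves the bytes the signature covers.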
jaromil commented 11 months ago

Point of intervention:

image