Open panva opened 2 years ago
How about this?
if self._algorithm in ['A128GCM', 'A192GCM', 'A256GCM', 'A128GCMKW', 'A192GCMKW', 'A256GCMKW']:
#print("generating IV of length 96bit")
iv = get_random_bytes(12)
else:
#print("generating IV of length 128bit")
iv = get_random_bytes(16)
Folks - is there a concern for resolving this issue, or is the problem that no one has executed on this?
I've opened the following issue for jose
here: https://github.com/panva/jose/issues/678
However, the primary maintainer of that package (who also opened this issue) has identified that python-jose
is not following the RFC spec for JWE. It seems like this package should follow the specification. If there is no concern for following the JWE spec to adhere to the IV length requirements for AES GCM modes, I will open a PR to do so.
I will open a PR to do so.
A user of this library was having an issue decrypting JWE tokens produced by it in my javascript library. See https://github.com/panva/jose/issues/314
Despite a few hurdles overcome they are not able to interoperate the libraries due to a non-conform JWE implementation in python-jose.
Namely, the Initialization Vectors used for encryption are not conform, their bit lengths are not according to specification.