square / go-jose

An implementation of JOSE standards (JWE, JWS, JWT) in Go

Missing AAD in CompactSerialization #344

Closed baha-ai closed 3 years ago

baha-ai commented 3 years ago

When using encrypter.EncryptWithAuthData(msg, aad) and then calling encrypted.CompactSerialize(), the serialized JWE's protectedHeaders do not contain the aad value, which is lost when decrypting.

More specifically, protectedHeader does not have the aad value as a suffix concatenated with '.'.

The missing line that should be fixed is at: https://github.com/square/go-jose/blob/v2/jwe.go#L252

baha-ai commented 3 years ago

Never mind this issue, as per the JWE IETF standard, AAD is not expected to be available in JWE Compact Serialization.

Although the library could benefit from throwing an error in CompactSerialize() if aad is not empty, as it's technically returning a useless JWE (i.e. the recipient can't decrypt the JWE without the missing aad).
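The behaviour discussed in this thread, as an added example that is not go-jose's code: a standard-library-only Go sketch of a direct-encryption (alg "dir", enc "A256GCM") JWE that builds the AEAD input the way RFC 7516 prescribes (BASE64URL(protected) alone for compact form, BASE64URL(protected) || '.' || BASE64URL(aad) when AAD is present), shows that a compact token produced from an AAD-bearing encryption cannot be opened by a recipient who has no AAD to supply, and adds the guard the second comment suggests. The names jweParts, encryptDir, compactSerialize, unguardedCompactSerialize, decryptCompact and ErrAADNotCompact, and the all-zero demonstration key, are constructed here and are not part of go-jose's API.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// jweParts is a minimal stand-in (constructed for this example) for a JWE
// with alg "dir" and enc "A256GCM", holding what the serializations carry.
type jweParts struct {
	protected  []byte // UTF-8 JSON of the protected header
	iv         []byte
	ciphertext []byte
	tag        []byte
	aad        []byte // caller-supplied additional authenticated data, may be nil
}

var b64 = base64.RawURLEncoding

// aeadInput follows RFC 7516 section 5.1 step 14: BASE64URL(protected) when
// no JWE AAD is given, otherwise BASE64URL(protected) || '.' || BASE64URL(aad).
func aeadInput(protected, aad []byte) []byte {
	s := b64.EncodeToString(protected)
	if len(aad) > 0 {
		s += "." + b64.EncodeToString(aad)
	}
	return []byte(s)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptDir encrypts plaintext with A256GCM under a raw 32-byte key (alg "dir"),
// binding the protected header and the optional aad into the authentication tag.
func encryptDir(key, plaintext, aad []byte) (*jweParts, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	protected := []byte(`{"alg":"dir","enc":"A256GCM"}`)
	sealed := gcm.Seal(nil, iv, plaintext, aeadInput(protected, aad))
	n := len(sealed) - gcm.Overhead()
	return &jweParts{protected: protected, iv: iv, ciphertext: sealed[:n], tag: sealed[n:], aad: aad}, nil
}

// ErrAADNotCompact is the check the issue asks for: the five-part compact form
// has no slot for AAD, so a recipient could never recompute the AEAD input.
var ErrAADNotCompact = errors.New("jwe: compact serialization cannot carry AAD; use JSON serialization")

// compactSerialize emits protected.encryptedKey.iv.ciphertext.tag; the encrypted
// key part is empty because alg "dir" uses the shared key directly.
func compactSerialize(j *jweParts) (string, error) {
	if len(j.aad) > 0 {
		return "", ErrAADNotCompact
	}
	return strings.Join([]string{b64.EncodeToString(j.protected), "", b64.EncodeToString(j.iv),
		b64.EncodeToString(j.ciphertext), b64.EncodeToString(j.tag)}, "."), nil
}

// unguardedCompactSerialize mimics the behaviour the issue reports: the AAD is
// silently dropped from the wire format and the token looks valid.
func unguardedCompactSerialize(j *jweParts) string {
	c := *j
	c.aad = nil
	s, _ := compactSerialize(&c)
	return s
}

// decryptCompact parses a compact token and decrypts it with no AAD, which is all
// a standards-following recipient can do with the compact form.
func decryptCompact(key []byte, token string) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 5 {
		return nil, errors.New("jwe: compact form must have five parts")
	}
	raw := make([][]byte, 5)
	for i, p := range parts {
		b, err := b64.DecodeString(p)
		if err != nil {
			return nil, err
		}
		raw[i] = b
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	// The AEAD input for compact form is the ASCII of the first part as transmitted.
	return gcm.Open(nil, raw[2], append(raw[3], raw[4]...), []byte(parts[0]))
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; never use a fixed key in practice
	j, _ := encryptDir(key, []byte("hello"), []byte("request-id-42"))
	_, err := decryptCompact(key, unguardedCompactSerialize(j))
	fmt.Println("recipient decrypting AAD-bearing compact token:", err)
	_, err = compactSerialize(j)
	fmt.Println("guarded CompactSerialize:", err)
}
```

The guarded path fails fast at the sender, where the mistake can be fixed, instead of producing a token that passes every syntactic check and then fails authentication at every recipient.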