Open annevk opened 11 months ago
Hello :wave: Apologies for the (very) delayed response.
The spec intentionally doesn't require using JSON.stringify, and notes:
The key wrapping operations for some algorithms place constraints on the payload size. For example AES-KW requires the payload to be a multiple of 8 bytes in length and RSA-OAEP places a restriction on the length. For key formats that offer flexibility in serialization of a given key (for example JWK), implementations may choose to adapt the serialization to the constraints of the wrapping algorithm. This is why JSON.stringify is not normatively required, as otherwise it would prohibit implementations from introducing added padding.
That being said, I'm not aware of any implementation that does so, so we could probably change that.
But, I think the less invasive change to fix the issue you noted would be to just use https://encoding.spec.whatwg.org/#utf-8-encode for now, so I'll start by making a PR for that :blush:
Sounds reasonable, but I'd very much appreciate the follow-up issue/discussion as well as I don't think we should have multiple JSON serializers in the platform. If we want to add padding we should mandate it across implementations and define where it happens relative to JSON serialization.
There's no such thing as UTF-8 code points.
Maybe you want https://infra.spec.whatwg.org/#serialize-a-javascript-value-to-json-bytes?
(Found while looking at #347.)