web-token / jwt-framework

JWT Framework
MIT License

It isn't possible to encrypt binary data !? #553

Closed user163 closed 6 months ago

user163 commented 6 months ago

Version(s) affected

3.3

Description

In this JWE example, the following can be read as a comment on the payload:

The payload we want to encrypt. It MUST be a string

and indeed if the message is not a UTF-8 compatible byte sequence, an

InvalidArgumentException: The payload must be encoded in UTF-8

is thrown.

Why is there this constraint, i.e. why can't the payload be any byte sequence? In RFC7516 JWE this restriction does not seem to be specified. Other JWE implementations, such as JWCrypto, allow arbitrary byte sequences.

How to reproduce

Run the linked example and use a non-UTF-8 compliant byte sequence as payload.

Possible Solution

The restriction to UTF-8 compatible byte sequences as payload should be removed. It should be possible to use any byte sequence as payload.

Additional Context

There is a similar (meanwhile fixed) bug, but in the context of signing detached payloads: #491.
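
RFC 7516 defines the JWE plaintext as a sequence of octets, which is the behaviour the report above asks for. As an added example (not part of the original issue and not jwt-framework code), here is a minimal `dir` / `A256GCM` compact JWE built with Node's built-in `crypto`, round-tripping a payload that is not valid UTF-8. The function names, the key and the sample bytes are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');

// Encrypt an arbitrary octet sequence; the plaintext is never interpreted as text.
function encryptCompact(plaintext, cek) {
  const header = b64u(JSON.stringify({ alg: 'dir', enc: 'A256GCM' }));
  const iv = crypto.randomBytes(12);                  // 96-bit IV for AES-GCM
  const cipher = crypto.createCipheriv('aes-256-gcm', cek, iv);
  cipher.setAAD(Buffer.from(header, 'ascii'));        // AAD = ASCII(BASE64URL(header))
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // With "dir" the JWE Encrypted Key part is the empty string.
  return [header, '', b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join('.');
}

function decryptCompact(token, cek) {
  const parts = token.split('.');
  if (parts.length !== 5) throw new Error('not a compact JWE');
  const [header, encKey, iv, ct, tag] = parts;
  const { alg, enc } = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
  if (alg !== 'dir' || enc !== 'A256GCM' || encKey !== '') {
    throw new Error('unsupported JWE header');
  }
  const tagBuf = Buffer.from(tag, 'base64url');
  if (tagBuf.length !== 16) throw new Error('bad tag length'); // reject truncated tags
  const decipher = crypto.createDecipheriv('aes-256-gcm', cek, Buffer.from(iv, 'base64url'));
  decipher.setAAD(Buffer.from(header, 'ascii'));
  decipher.setAuthTag(tagBuf);
  // final() throws if the tag does not authenticate header + ciphertext.
  return Buffer.concat([decipher.update(Buffer.from(ct, 'base64url')), decipher.final()]);
}

// True when the bytes are well-formed UTF-8, the property the reported check demands.
function isUtf8(bytes) {
  try { new TextDecoder('utf-8', { fatal: true }).decode(bytes); return true; }
  catch { return false; }
}

// Constructed sample payload: bytes that are not valid UTF-8.
const BINARY_PAYLOAD = Buffer.from([0xff, 0xfe, 0x00, 0x80, 0xc3, 0x28]);

function demo() {
  const cek = crypto.randomBytes(32);                 // constructed 256-bit shared key
  const token = encryptCompact(BINARY_PAYLOAD, cek);
  return { token, roundTrip: decryptCompact(token, cek).equals(BINARY_PAYLOAD) };
}
```

Because the ciphertext is base64url-encoded in the serialization, the encoding of the plaintext has no bearing on whether the token can be transported.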

Spomky commented 6 months ago

Hi,

This looks like a regression not covered by tests. It will be fixed soon.
