-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JWE Support #1
JWE Support #1
Conversation
Signed-off-by: ortyomka <[email protected]>
Signed-off-by: ortyomka <[email protected]>
@oxisto if you have free time, review the PR, please |
Hey there, thanks for putting a PR .. additions/changes related to security take time to review. It requires brushing up on the JWE specification, ensuring the implementation matches and there are no bugs or security issues to the best of our abilities/knowledge. Furthermore, a lot of folks submit PR's, but then it's the maintainers who are on the hook to support that code and address bugs, issues, improvements, review new PR's, etc. I can't speak for others, but right now is the end of quarter crunch time .. so my availability for open-source projects is limited. Tbh, adding JWE support isn't very high on my list and I'd rather not rush something for the sake of getting it out there. |
I have understood your position. Thank you for your response. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First set of review done. Thanks again for this contribution, it is very welcome. Sorry for the long delay in reviewing this.
There are still some kinks to work out in the (public) API, but since we are no way near releasing any 1.x version for this, it is ok and we can merge it once a few of the comments are addressed. Then afterwards, this probably needs another fine-tuning of the API.
Fix small issues Signed-off-by: ortyomka <[email protected]>
@oxisto Thank you for review. I fixed all comments |
Thank you! I have one small last comment for the errors and then I would suggest merging this initial version. Everything else can be done in increments. |
Signed-off-by: ortyomka <[email protected]>
@oxisto Added your suggestion |
Issue golang-jwt/jwt#67
Add support of JWE with one key (Compact)
Add AES GCM cipher to encrypt content
Add RSA-OAEP to encrypt key
Add test from RFC7516 Section 3.3
cc @mfridman @oxisto