Header is automatically included as AAD for JWE content encryption algorithm

Issue #127 closed
Lauris Liparts created an issue

I need to communicate with a server which expects the AAD to be empty. The library automatically uses the header as AAD, but afaik it should be possible to use an empty AAD: https://bitbucket.org/b_c/jose4j/src/7f9624414a1baf752adbc61d4a1be16253eeec23/src/main/java/org/jose4j/jwe/JsonWebEncryption.java#lines-271 Also, I didn't find any evidence in the JWE specification that AAD is mandatory and that you always need to use the header for it.

Comments (4)

  1. Brian Campbell

    In the JWE Compact Serialization, which is all this library supports, the header is always protected and thus always included in the AAD.

    The JWE spec can be a little hard to follow but some relevant parts follow.

    from https://tools.ietf.org/html/rfc7516#section-2

       JWE Protected Header
          JSON object that contains the Header Parameters that are integrity
          protected by the authenticated encryption operation.  These
          parameters apply to all recipients of the JWE.  For the JWE
          Compact Serialization, this comprises the entire JOSE Header.
    

    from https://tools.ietf.org/html/rfc7516#section-5.1

       13.  Compute the Encoded Protected Header value BASE64URL(UTF8(JWE
            Protected Header)).  If the JWE Protected Header is not present
            (which can only happen when using the JWE JSON Serialization and
            no "protected" member is present), let this value be the empty
            string.
    
       14.  Let the Additional Authenticated Data encryption parameter be
            ASCII(Encoded Protected Header).  However, if a JWE AAD value is
            present (which can only be the case when using the JWE JSON
            Serialization), instead let the Additional Authenticated Data
            encryption parameter be ASCII(Encoded Protected Header || '.' ||
            BASE64URL(JWE AAD)).
    
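The two spec steps quoted above can be written out as a short computation. The following is an added example (not jose4j's code and not part of this issue thread) that derives the AAD exactly as RFC 7516 section 5.1 steps 13 and 14 describe it, for both the Compact Serialization and the JSON Serialization cases, and then shows why the header cannot simply be left out of the AAD: any change to the header after encryption makes the authentication tag fail. It assumes the header is serialized in the compact JSON form (`separators=(",", ":")`) used in the RFC examples; the key and nonce in the tamper check are constructed demo values, and that check uses the optional `cryptography` package, returning `None` when it is not installed.

```python
"""Compute the JWE AAD per RFC 7516 section 5.1, steps 13 and 14 (added example)."""
import base64
import json
from typing import Optional


def b64url(data: bytes) -> bytes:
    # BASE64URL per RFC 7515: URL-safe alphabet with the '=' padding removed
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def encoded_protected_header(protected_header: Optional[dict]) -> bytes:
    # Step 13: BASE64URL(UTF8(JWE Protected Header)); the empty string if the
    # protected header is absent (possible only in the JSON Serialization)
    if protected_header is None:
        return b""
    # Assumption: compact JSON form, as in the RFC's own examples
    raw = json.dumps(protected_header, separators=(",", ":")).encode("utf-8")
    return b64url(raw)


def compute_aad(protected_header: Optional[dict], jwe_aad: Optional[bytes] = None) -> bytes:
    # Step 14: ASCII(Encoded Protected Header), or, when a JWE AAD value is
    # present (JSON Serialization only),
    # ASCII(Encoded Protected Header || '.' || BASE64URL(JWE AAD))
    enc_hdr = encoded_protected_header(protected_header)
    if jwe_aad is None:
        return enc_hdr
    return enc_hdr + b"." + b64url(jwe_aad)


def compact_aad(protected_header: dict) -> bytes:
    # Compact Serialization: the whole JOSE Header is the protected header and
    # there is no "aad" member, so the AAD is exactly the encoded header and
    # can never be empty.
    return compute_aad(protected_header, None)


def header_tamper_detected() -> Optional[bool]:
    """Encrypt with the header as AAD, then decrypt under a modified header.

    Returns True when the modified header is rejected by the tag check,
    False if it were (wrongly) accepted, and None when the optional
    'cryptography' package is not installed.
    """
    try:
        from cryptography.exceptions import InvalidTag
        from cryptography.hazmat.primitives.ciphers.aead import AESGCM
    except ImportError:
        return None
    key = bytes(range(16))   # constructed demo key, never reuse a fixed key in practice
    nonce = bytes(12)        # constructed fixed nonce; fine for a single demo encryption
    header = {"alg": "dir", "enc": "A128GCM"}
    ciphertext_and_tag = AESGCM(key).encrypt(nonce, b"hello", compact_aad(header))
    # Same key, nonce and ciphertext, but the recipient is shown a different header
    tampered = {"alg": "dir", "enc": "A128GCM", "zip": "DEF"}
    try:
        AESGCM(key).decrypt(nonce, ciphertext_and_tag, compact_aad(tampered))
    except InvalidTag:
        return True
    return False


if __name__ == "__main__":
    rfc_header = {"alg": "RSA-OAEP", "enc": "A256GCM"}   # header from RFC 7516 Appendix A.1
    print("compact AAD:", compact_aad(rfc_header).decode("ascii"))
    print("JSON serialization AAD with 'aad' member:",
          compute_aad(rfc_header, b"x").decode("ascii"))
    print("no protected header:", repr(compute_aad(None)))
    print("header tampering detected:", header_tamper_detected())
```

The practical reading of this for the issue: in the Compact Serialization the "empty AAD" case of step 13 can never arise, so a server that wants an empty AAD is not speaking RFC 7516 compact JWE; the only way to get a different AAD is the JSON Serialization, and even there the protected header stays bound into it.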