1. Brian Campbell Avatar Brian Campbell
  2. Untitled project
  3. jose4j
  4. Issues

header is re-encoded when checking signature/integrity

Issue #97 closed
Brian Campbell repo owner created an issue

Similar to issue #46 but with the header - the input into signing/HMAC and AEAD tag calculation is re-encoding the header value rather than using the original encoded value as is from the message. In practice this should rarely, if ever, be a problem. And it doesn't seem to have been an issue. But it would be more appropriate calculate the signature/tag from the actual encoded message content rather than relying on the encoding to produce the same value from the underlying JSON of the header.

Comments (2)

  1. Brian Campbell reporter

    fix #97 ‘header is re-encoded when checking signature/integrity’ by using the encoded header value as-is from the message as input into singing input

    → <<cset 6f4cf809e381>>

  3. Log in to comment
Assignee
Type
bug
Priority
minor
Status
closed
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!