- changed status to resolved
header is re-encoded when checking signature/integrity
Issue #97
closed
Similar to issue #46 but with the header - the input into signing/HMAC and AEAD tag calculation is re-encoding the header value rather than using the original encoded value as is from the message. In practice this should rarely, if ever, be a problem. And it doesn't seem to have been an issue. But it would be more appropriate calculate the signature/tag from the actual encoded message content rather than relying on the encoding to produce the same value from the underlying JSON of the header.
Comments (2)
-
reporter -
reporter - changed status to closed
in v0.5.7
- Log in to comment
fix
#97‘header is re-encoded when checking signature/integrity’ by using the encoded header value as-is from the message as input into singing input→ <<cset 6f4cf809e381>>