Messages - 4.4 Symmetric Encryption key using client_secret

Issue #578 resolved
Edmund Jay created an issue

Currently, it says:

{{{
Symmetric Encryption
Use the client_secret to KeyWrap a random Content Master Key to be used for encrypting the signed JWT.
}}}

The A(128/256)KW algorithms require a 128/256 bit key to wrap the master key. The client_secret may not be the required length. It was suggested that a hash be applied to the client_secret to obtain the necessary key material for the wrapping algorithm.
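
An added example, not part of the original issue or the specification text: one way to apply the suggested hash, assuming SHA-256 over the UTF-8 octets of the client_secret, truncated to the left-most bytes the wrapping algorithm needs. The function names and the sample secret are constructed for illustration, and the wrap round trip needs the third-party `cryptography` package.

```python
import hashlib
import os

# AES key sizes (in bytes) required by the key wrap algorithms named in the issue.
KW_KEY_BYTES = {"A128KW": 16, "A256KW": 32}


def raw_secret_fits(client_secret: str, alg: str) -> bool:
    """True only if the secret's UTF-8 octets are exactly the AES key size."""
    return len(client_secret.encode("utf-8")) == KW_KEY_BYTES[alg]


def derive_kek(client_secret: str, alg: str) -> bytes:
    """Assumed derivation: SHA-256 of the UTF-8 octets, left-truncated.

    Hashing only fixes the length; it adds no entropy, so a short or
    guessable client_secret still yields a guessable wrapping key.
    """
    if not client_secret:
        raise ValueError("client_secret must not be empty")
    digest = hashlib.sha256(client_secret.encode("utf-8")).digest()
    return digest[:KW_KEY_BYTES[alg]]


def wrap_roundtrip(client_secret: str, alg: str) -> bool:
    """Wrap and unwrap a random Content Master Key with the derived key."""
    # Imported lazily so the derivation above works with the stdlib alone.
    from cryptography.hazmat.primitives.keywrap import (
        aes_key_unwrap,
        aes_key_wrap,
    )
    kek = derive_kek(client_secret, alg)
    cmk = os.urandom(32)  # random Content Master Key
    wrapped = aes_key_wrap(kek, cmk)  # RFC 3394 AES Key Wrap
    return aes_key_unwrap(kek, wrapped) == cmk


if __name__ == "__main__":
    secret = "constructed-sample-client-secret"  # constructed, not a real secret
    for alg in KW_KEY_BYTES:
        kek = derive_kek(secret, alg)
        print(alg, "raw secret usable:", raw_secret_fits(secret, alg),
              "derived key bytes:", len(kek))
    try:
        print("A128KW round trip ok:", wrap_roundtrip(secret, "A128KW"))
    except ImportError:
        print("install 'cryptography' to run the wrap round trip")
```

Both client and server must run the same derivation on the same octets, otherwise unwrapping fails.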

Comments (5)

  1. John Bradley

    We have now made the default signing RS256. The key for symmetric signing is no longer required to be the client secret.
