Messages - Define how it should be Encrypted
Issue #88
resolved
Details like which key is to be used to sign etc. needs to be added back.
Comments (8)
-
reporter -
reporter -
assigned issue to
Encryption text proposal should be made so that it goes well with JOSE and JWT.
-
assigned issue to
-
reporter - changed title to Messages - Define how it should be Encrypted
-
- marked as critical
-
- changed status to open
-
re
#88Add sec 6.1 and 6.2 -
re
#88update sec 6.3 signing -
- changed status to resolved
fixes
#88Update Sec 6.4 encryption - Log in to comment
alg=HS256
Use client_secret. Note that client_secret has to have sufficient entropy to provide adequate security.
alg=RS256 / ES256
Use the x5u or jwk that were registered. If there were multiple keys in jwk, kid MUST be specified in JWS header. If there were multiple certs in x5u, then x5t MUST be specified in JWS header. Make sure that key usage matches the use of the key.