Hi, Some algorithms used in JOSE allow random data to be used. Examples are IVs and CMKs.
My question: in an API for JOSE should I always generate all values that can be random randomly or should e.g. the IV be a parameter and I trust the developer using the API to provide secure and applicable values? My current plan is to have a parameter "SecureRandom sr" in all public methods and generate all algorithm parameters randomly where that is possible. So in an application server you can initialize the SecureRandom once and use it in all requests. Thanks Axel https://code.google.com/p/jsoncrypto/source/browse/trunk/src/org/jsoncrypto/JcBase.java _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
