Hi All,
In London, we asked if people could validate the examples in the specs. Edmund
Jay reproduced the encrypted JWK example in
http://tools.ietf.org/html/draft-ietf-jose-json-web-key-23#appendix-C and in
the process, identified a correction that I wanted to make you aware of, which
will need to be applied to the specs. Quoting from Edmund's note to me:
> I was able to decrypt the example but the authentication tag value is different:
> The tag in the JWE is [125, 249, 143, 191, 240, 4, 204, 132, 62, 241, 113, 178,
> 91, 88, 254, 19]
> My code is expecting [208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99,
> 32, 121, 17, 236].
> So that means the PBES2-HS256+A128KW key wrap and A128CBC content encryption is
> fine and only the HS256 part is wrong.
> Using your JSON string values as input to manually craft the JWE also results
> in the same discrepancy with the authentication tag.
My code also independently produced the same authentication tag value as
Edmund's, so I wanted to make those of you who might also be trying to verify
this value aware of the discrepancy. The corrected base64url-encoded
authentication tag value will therefore be 0HFmhOzsQ98nNWJjIHkR7A.
Thanks, Edmund!
-- Mike
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
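
The tag check discussed in the message above, as an added example that is not part of the original message or of the spec text: it computes the A128CBC-HS256 authentication tag the way the JWE AES_CBC_HMAC_SHA2 construction defines it (HMAC-SHA-256 over AAD || IV || ciphertext || AL, truncated to 16 bytes) and compares it with the tag carried in a compact JWE. The key, header, IV and ciphertext in `demo()` are constructed sample values, not the appendix values; the two tag byte arrays are the ones quoted in the message.

```python
import base64
import hashlib
import hmac
import struct

# Byte values quoted in the message above: the tag in the published example
# and the tag both independent implementations computed.
PUBLISHED_TAG = bytes([125, 249, 143, 191, 240, 4, 204, 132,
                       62, 241, 113, 178, 91, 88, 254, 19])
CORRECTED_TAG = bytes([208, 113, 102, 132, 236, 236, 67, 223,
                       39, 53, 98, 99, 32, 121, 17, 236])

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def a128cbc_hs256_tag(cek: bytes, protected_b64: str, iv: bytes, ct: bytes) -> bytes:
    """HMAC-SHA-256 over AAD || IV || ciphertext || AL, truncated to 16 bytes."""
    if len(cek) != 32:
        raise ValueError("A128CBC-HS256 needs a 32-byte content encryption key")
    mac_key = cek[:16]                      # first half MACs, second half encrypts
    aad = protected_b64.encode("ascii")     # AAD is the encoded protected header
    al = struct.pack(">Q", len(aad) * 8)    # AAD length in bits, 64-bit big-endian
    return hmac.new(mac_key, aad + iv + ct + al, hashlib.sha256).digest()[:16]

def check_compact_jwe(cek: bytes, compact: str):
    """Return (tag_matches, expected_tag_b64url) for a compact JWE."""
    parts = compact.split(".")
    if len(parts) != 5:
        raise ValueError("compact JWE must have five parts")
    protected_b64, _wrapped_key, iv_b64, ct_b64, tag_b64 = parts
    expected = a128cbc_hs256_tag(cek, protected_b64,
                                 b64url_decode(iv_b64), b64url_decode(ct_b64))
    # Constant-time comparison; a receiver must reject before decrypting.
    return hmac.compare_digest(expected, b64url_decode(tag_b64)), b64url(expected)

def demo():
    # Constructed inputs (not the appendix values): key, header, IV and ciphertext.
    cek = bytes(range(32))
    header = b64url(b'{"alg":"dir","enc":"A128CBC-HS256"}')
    iv, ct = bytes(16), bytes(range(16, 48))
    good = ".".join([header, "", b64url(iv), b64url(ct),
                     b64url(a128cbc_hs256_tag(cek, header, iv, ct))])
    stale = good.rsplit(".", 1)[0] + "." + b64url(PUBLISHED_TAG)
    return check_compact_jwe(cek, good), check_compact_jwe(cek, stale)

if __name__ == "__main__":
    print(b64url(CORRECTED_TAG), demo())
```

Because the tag covers only the encoded header, IV and ciphertext, a wrong tag with correct key wrap and CBC output still decrypts in a tool that skips the MAC check, which is why the mismatch only shows up in an implementation that verifies the tag.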