Thanks Mike & Edmund, I have also verified the example using the corrected authentication tag.
On Mon, Mar 10, 2014 at 9:25 PM, Mike Jones <[email protected]>wrote: > Hi All, > > > > In London, we asked if people could validate the examples in the specs. > Edmund Jay reproduced the encrypted JWK example in > http://tools.ietf.org/html/draft-ietf-jose-json-web-key-23#appendix-C and > in the process, identified a correction that I wanted to make you aware of, > which will need to be applied to the specs. Quoting from Edmund's note to > me: > > > > I was able to decrypt the example but the authentication tag value is > different: > > > > The tag in the JWE is [125, 249, 143, 191, 240, 4, 204, 132, 62, 241, 113, > 178, 91, 88, 254, 19] > > > > My code is expecting [208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, > 99, 32, 121, 17, 236]. > > > > So that means the PBES2-HS256+A128KW key wrap and A128CBC content > encryption is fine and only the HS256 part is wrong. > > Using your JSON string values as input to manually craft the JWE also > results in the same discrepancy with the authentication tag. > > > > My code also independently produced the same authentication tag value as > Edmunds, so I wanted to make those of you who might also be trying to > verify this value aware of the discrepancy. The corrected base64url > encoded authentication tag value will therefore be 0HFmhOzsQ98nNWJjIHkR7A. > > > > Thanks, Edmund! > > > > -- Mike > > > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose > >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
