Hi there, it seems like the example symmetric key in section 3.6 uses `A256GCM`, which is a content encryption algorithm (used in the `enc` header), in the `alg` header parameter. According to the `Algorithm Usage Location(s)` column in the `IANA JSON Web Signature and Encryption Algorithms` registry[1], `A256GCM` should be used in the `enc` header not the `alg` header. Therefore, I wonder if this is intentional or an error (I believe the latter). If it is an error, the key is malformed and I think an errata should be issued.
Sincerely, -- Erik Tesar <[email protected]> https://erik-tesar.com [1]: <https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms> _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
