This is an interesting question. The definition of the “alg” field in RFC 7517 (JWK - as distinct from the “alg” *header* in JWE/JWS), just says that the value must come from the IANA JSON Web Signature and Encryption Algorithms registry or a collision-resistant name. That registry contains both “alg” and “enc” values, so I guess technically this is fine.
It makes sense when alg=dir is used, as the enc is then the real algorithm to be used with the key. (And I notice our code that enforces this does exactly this check only when alg=dir). — Neil > On 17 Jul 2022, at 16:13, Erik Tesar <[email protected]> > wrote: > > Hi there, > it seems like the example symmetric key in section 3.6 uses `A256GCM`, which > is a content encryption algorithm (used in the `enc` header), in the `alg` > header parameter. According to the `Algorithm Usage Location(s)` column in > the `IANA JSON Web Signature and Encryption Algorithms` registry[1], > `A256GCM` should be used in the `enc` header not the `alg` header. Therefore, > I wonder if this is intentional or an error (I believe the latter). If it is > an error, the key is malformed and I think an errata should be issued. > > Sincerely, > > -- > Erik Tesar <[email protected]> > https://erik-tesar.com > > [1]: > <https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms> > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
