JWE Support #1
JWE Support #1
Conversation
Signed-off-by: ortyomka <iurin.art@gmail.com>
Signed-off-by: ortyomka <iurin.art@gmail.com>
|
@oxisto if you have free time, review the PR, please |
|
Hey there, thanks for putting a PR .. additions/changes related to security take time to review. It requires brushing up on the JWE specification, ensuring the implementation matches and there are no bugs or security issues to the best of our abilities/knowledge. Furthermore, a lot of folks submit PR's, but then it's the maintainers who are on the hook to support that code and address bugs, issues, improvements, review new PR's, etc. I can't speak for others, but right now is the end of quarter crunch time .. so my availability for open-source projects is limited. Tbh, adding JWE support isn't very high on my list and I'd rather not rush something for the sake of getting it out there. |
|
I have understood your position. Thank you for your response. |
There was a problem hiding this comment.
First set of review done. Thanks again for this contribution, it is very welcome. Sorry for the long delay in reviewing this.
There are still some kinks to work out in the (public) API, but since we are no way near releasing any 1.x version for this, it is ok and we can merge it once a few of the comments are addressed. Then afterwards, this probably needs another fine-tuning of the API.
Fix small issues Signed-off-by: ortyomka <iurin.art@gmail.com>
|
@oxisto Thank you for review. I fixed all comments |
Thank you! I have one small last comment for the errors and then I would suggest merging this initial version. Everything else can be done in increments. |
Signed-off-by: ortyomka <iurin.art@gmail.com>
|
@oxisto Added your suggestion |
Issue golang-jwt/jwt#67
Add support of JWE with one key (Compact)
Add AES GCM cipher to encrypt content
Add RSA-OAEP to encrypt key
Add test from RFC7516 Section 3.3
cc @mfridman @oxisto