This repository has been archived by the owner on Feb 27, 2023. It is now read-only.
Version 1.1.0
Fixes and improvements
- Add new `VerifyMulti` function to verify multi-signature JWS objects. The existing `Verify` function has been changed to only accept single-signature objects. This ensures that callers do not accidentally accept multi-signature objects in contexts where they are not expected (#111, 2c5656a).
- Add new `DecryptMulti` function to decrypt multi-recipient JWE messages. The existing `Decrypt` function has been changed to only accept single-recipient messages. This ensures callers do not accidentally accept multi-recipient messages in contexts where they are not expected (#111, 2c5656a).
- Add checks when deserializing JWS objects to ensure that any embedded JWK (if present) is valid and represents a public key (not private/symmetric key) as per spec. This is to ensure that callers don't accidentally end up accepting embedded JWKs that represent symmetric/private keys (#112, e8e21a9).

Note that this represents a subtle API change, as the `Decrypt` and `Verify` functions are now stricter than before and only accept single-signature/single-recipient inputs. To reflect this change, the minor version has been bumped.
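
The two JWS-side checks described above, sketched as an added example using only the Go standard library; this is not the library's own code. The names `checkSingle` and `sample` are hypothetical, the inputs are constructed, and only the protected header is inspected.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// checkSingle (hypothetical helper) admits one signature and, if a "jwk" header is embedded, a public key only.
func checkSingle(raw []byte) error {
	var obj struct {
		Signatures []struct{ Protected string } // general form, RFC 7515 7.2.1
		Protected  string                       // flattened form, RFC 7515 7.2.2
	}
	if err := json.Unmarshal(raw, &obj); err != nil {
		return err
	}
	if n := len(obj.Signatures); n > 1 {
		return fmt.Errorf("multi-signature JWS (%d signatures) not accepted here", n)
	} else if n == 1 {
		obj.Protected = obj.Signatures[0].Protected
	}
	hdrJSON, err := base64.RawURLEncoding.DecodeString(obj.Protected)
	if err != nil {
		return err
	}
	var hdr struct {
		JWK map[string]json.RawMessage `json:"jwk"`
	}
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil {
		return err
	}
	// Private-key members ("d", RSA CRT values, "oth") and the symmetric "k", per RFC 7518.
	for _, m := range []string{"d", "p", "q", "dp", "dq", "qi", "oth", "k"} {
		if _, ok := hdr.JWK[m]; ok {
			return fmt.Errorf("embedded jwk has non-public member %q", m)
		}
	}
	return nil
}

// sample builds a constructed JWS with n signature entries sharing one protected header.
func sample(hdr string, n int) []byte {
	e := `{"protected":"` + base64.RawURLEncoding.EncodeToString([]byte(hdr)) + `","signature":"AA"},`
	return []byte(`{"payload":"AA","signatures":[` + strings.TrimSuffix(strings.Repeat(e, n), ",") + `]}`)
}

func main() { fmt.Println(checkSingle(sample(`{"jwk":{"kty":"oct","k":"AA"}}`, 1))) }
```

A gate like this runs before any signature verification, so a rejected object never reaches key selection.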