Skip to content
This repository has been archived by the owner on Feb 27, 2023. It is now read-only.

Version 2.2.1
Compare
Choose a tag to compare
@csstaub csstaub released this 05 Dec 19:26
· 91 commits to v2 since this release
v2.2.1
This tag was signed with the committer’s verified signature.
csstaub Cedric Staub
GPG key ID: CF5A0B62B8712EBE
Verified
Learn about vigilant mode.
7241509
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

This release adds stricter checks (#210) for handling JWKs with elliptic keys. As per RFC 7518, Section 6.2.1.2 to 6.2.2.1 the length of this octet strings for X/Y/D values in JWKs MUST be the full size of a coordinate for the curve specified in the "crv" parameter. As a result, invalid JWKs that were previously accepted (e.g. a JWK where the padding was missing on X/Y coordinates) will now be rejected when parsing them.

Assets 2
Loading