Missing Feature: Adding `"wpk"` field to footer
Rust-Galt opened this issue · 2 comments
What works perfectly and correctly
Adding "kid" (Wrapped PASERK) field to footer through footer.add_aditional("kid", ...) is not allowed.
Adding "wpk" (Wrapped PASERK) field to footer through footer.add_aditional("wpk", ...) is not allowed.
Adding "kid" (Wrapped PASERK) field to footer possible with footer.key_id(...).
Missing feature
Adding "wpk" (Wrapped PASERK) field to footer not possible footer.wrapped_paserk(...)
Hi @Rust-Galt,
It's true that currently you can't set the wpk claim in the footer. The reason is that, the PASERK "wrapped" formats that are safe to put in the footer, have not been implemented yet. If we were to allow users to set the wpk claim to anything, they might inadvertently leak some key material in there.
The way we solve this for the kid claim currently, is we have a Id PASERK struct that can be put in the footer, as you mention with key_id(). I'd prefer we keep it the same if we're to add wpk possibility.
So I guess my question is, are you asking that some specific variant, that can be put into wpk field of the footer, be added (seal, local-wrap or secret-wrap)? Or do you already have some functionality that implements those wrapped-formats?
If the latter is the case, maybe you are interested in contributing/getting it added to this library?
Hi @brycx,
Very reasonable choice and now I understand. I have played around with the various PASETO/PASERK crates and each have some features missing here and there. And yours seems the most clean and featured one. @conradludgate rusty_paserk seems to support the various PASERK formats.
So I see there is no real issue here. I just wanted to ask about it like this. Greetings