Allowing bytestrings creates interoperability issues?
freyley opened this issue · 1 comments
I'm not an expert, so apologies for not really understanding what the right answer should be.
I found a piece of software that was doing this:
jwk = JOSE::JWK.from_oct(Digest::SHA256.digest(secret))
cipher_text = jwk.block_encrypt(payload, algorithms).compact
And this works fine to generate a cipher_text, which ruby-jose is able to decrypt as well. However, Python's jwcrypto library is unable to decrypt it because the sha256(secret).digest() in Python produces a bytestring, and jwcrypto does not work with bytestrings. I filed a bug with them and a patch to make it work, but the author quoted this:
From RFC 7518:
6.4.1. "k" (Key Value) Parameter
The "k" (key value) parameter contains the value of the symmetric (or
other single-valued) key. It is represented as the base64url
encoding of the octet sequence containing the key value.
I don't know who's right, but the current state of things is that the Python and Ruby libraries do not agree, and so I'd like to make you aware of this and see what can be done to get to interoperability.
Here's my bug report over there:
Thanks!
Ah, whoops, it looks like I just need to add some documentation to the jwcrypto library about how to use bytestrings in Python. Apologies for any distraction!