Switch to better default signing and encryption algorithms
codedust opened this issue · 0 comments
Currently, the library does not define the best algorithm choices for encryption and signing:
Signing
Please use PS256 per default instead of RS256. See, e.g., https://www.scottbrady91.com/JOSE/JWTs-Which-Signing-Algorithm-Should-I-Use
Also, in the README, the use of RSA-256 is described. However, RSA-256 does not exist according to RFC 7518.
Key Encryption
Please use RSA-OAEP-256 per default instead of RSA-OAEP (which uses SHA1). Severe attacks against SHA1 have been found in 2017 [1] and 2020 [2] [3]. Also, e.g. see the warning in MDN [4].
[1] https://shattered.io/
[2] https://www.schneier.com/blog/archives/2020/01/new_sha-1_attac.html
[3] https://eprint.iacr.org/2020/014.pdf
[4] https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
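What the four algorithm names in this issue select at the primitive level, as an added example that is not part of the issue and not the library's own code. It uses Node.js's built-in `crypto` module; the function names (`signCompact`, `verifyCompact`, `wrapKey`, `unwrapKey`) are hypothetical, and the caller supplies the RSA key pair.

```javascript
// Added example (not the library's code): JOSE "alg" names from RFC 7518 mapped to
// the Node.js crypto parameters they imply. All function names are hypothetical.
const crypto = require('node:crypto');
const C = crypto.constants;

const SIGN_ALGS = {
  RS256: { padding: C.RSA_PKCS1_PADDING }, // RSASSA-PKCS1-v1_5 with SHA-256 (deterministic)
  PS256: { padding: C.RSA_PKCS1_PSS_PADDING, saltLength: C.RSA_PSS_SALTLEN_DIGEST }, // RSASSA-PSS
};
const KEY_ENC_ALGS = {
  'RSA-OAEP': { oaepHash: 'sha1' },       // OAEP with SHA-1 and MGF1-SHA-1
  'RSA-OAEP-256': { oaepHash: 'sha256' }, // OAEP with SHA-256 and MGF1-SHA-256
};
const b64u = (data) => Buffer.from(data).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url');

function signCompact(payload, privateKey, alg = 'PS256') {
  if (!SIGN_ALGS[alg]) throw new Error(`unsupported alg: ${alg}`);
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, ...SIGN_ALGS[alg] });
  return `${input}.${b64u(sig)}`;
}

// The verifier pins the algorithm it expects; the token header is only compared against it.
function verifyCompact(token, publicKey, expectedAlg = 'PS256') {
  const [h, p, s] = token.split('.');
  if (!h || !p || !s || !SIGN_ALGS[expectedAlg]) return null;
  try {
    if (JSON.parse(fromB64u(h).toString()).alg !== expectedAlg) return null;
    const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
      { key: publicKey, ...SIGN_ALGS[expectedAlg] }, fromB64u(s));
    return ok ? JSON.parse(fromB64u(p).toString()) : null;
  } catch {
    return null; // malformed header or payload
  }
}

function oaepOptions(key, alg) {
  // Fail closed: an unknown name must not fall back to Node's SHA-1 default.
  if (!KEY_ENC_ALGS[alg]) throw new Error(`unsupported alg: ${alg}`);
  return { key, padding: C.RSA_PKCS1_OAEP_PADDING, ...KEY_ENC_ALGS[alg] };
}
const wrapKey = (cek, publicKey, alg = 'RSA-OAEP-256') =>
  crypto.publicEncrypt(oaepOptions(publicKey, alg), cek);
const unwrapKey = (wrapped, privateKey, alg = 'RSA-OAEP-256') =>
  crypto.privateDecrypt(oaepOptions(privateKey, alg), wrapped);
```

Both sides must agree on the OAEP hash: a content key wrapped with `RSA-OAEP-256` fails to unwrap under `RSA-OAEP`, so changing the default is a wire-format change for existing peers.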