I believe that h'0101...' isn't legal JSON. The JWS "signature" value is a
string representing the base64url encoding of the signature.
-- Mike
-----Original Message-----
From: jose <[email protected]> On Behalf Of Jim Schaad
Sent: Tuesday, October 29, 2019 3:55 PM
To: [email protected]
Subject: [jose] Is this a legal JOSE message
I have been trying to get my JOSE implementation back up to snuff because it
turns out that I need it for some of the ACE work. Part of that means that I
am producing unit tests and making sure that each of the pieces works
correctly. As part of that effort I ended up producing the attached file.
As near as I can tell from diving through the JWE and JWS specifications, this
is a legal JWE and JWS file.
1. Please point me to the text in the two documents which says that this is
not a legal message.
2. If the text does not exist, was it meant to be a legal message?
3. If it was not meant to be a legal message, can we get some text to add to
both of the documents so that this will be detected as an illegal message.
For people wishing to validate the message(s), I used the keys from the
cookbook.
Jim
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
