- Fixes
- Fixes
- Removes use of
dynamic()
type spec so OTP 24 and OTP 25 are still supported for now.
- Removes use of
- Security Patches
- CVE-2023-50966: Add
jose:pbes2_count_maximum/0
. By default, the maximum iterations are set to 10,000 and it will raise an error ifp2c
is larger than this value.
- CVE-2023-50966: Add
- Changes
- Declare Poison as an optional dependency, thanks to [@lnikkila][https://github.com/lnikkila]; see #144.
- Ensure
jiffy:encode/1
returns a binary, thanks to @ssepml; see #145. - Various type spec additions and dialyzer/dialyxir integrations, thanks to @whatyouhide and @maennchen.
- Doc updates and fixes, thanks to @aymanosman and @adamu; see #158 and #159.
- Fixes
- Fixes
- Remove dependency on
parse_transform
forjose_base64
andjose_base64url
.
- Remove dependency on
- Enhancements
- Add support for native
crypto
operations for Ed25519 and Ed448, thanks to @brettbeatty; see #123. - Add support for native
crypto
operations for ChaCha20-Poly1305 and XChaCha20-Poly1305, when available. - Add support for
libsodium
operations for XChaCha20-Poly1305, when available. - Add support for
thoas
JSON encode/decode, thanks to @michaelklishin; see #126. - Add support for
ES256K
which uses thesecp256k1
curve andRS1
signatures (see 291dbb8). - Add support for ECDH-1PU
JOSE.JWK.box_encrypt_ecdh_1pu
and ECDH-ESJOSE.JWK.box_encrypt_ecdh_es
and document the deprecatedJOSE.JWK.box_encrypt
. - Add support for ECDH-SS
JOSE.JWK.box_encrypt_ecdh_ss
. - Hide
kty
field when inspecting%JOSE.JWK{}
strict, thanks to @spencerdcarlson; see #139
- Add support for native
- Fixes
- Version mismatch causing
rebar3
to constantly try to update; see #122. - Fix Ed25519 and Ed448 key DER/PEM encode/decode for OTP 25.
- Fix Ed25519ctx, Ed25519ph, Ed448, and Ed448ph when dealing with contexts so the implementation matches IETF RFC 8032.
- Drop direct usage of
crypto:hmac/4
, thanks to @thalesmg; see #136 - Replace incorrect usage of
-include_lib
with-include
, thanks to @Richiban; see #140 - Update the CI jobs so they actually run the Elixir tests, thanks to @moogle19; see #137
- Change the
master
branch tomain
.
- Version mismatch causing
- This version was never actually released, but was referenced for a while on the
master
branch (see 43d3db4).
- Fixes
- Add compatability with OTP 24
- Fixes
- Fix compatibility with older OTP versions
- Fix AES detection on OTP 23
- Fix AES GCM bugs on OTP 23
- Fixes
- Add compatability layer to fix deprecated
crypto
functions. - Use
:extra_applications
instead of:applications
(bumps Elixir requirement to~> 1.4
). - Conditionally compile
Poison
modules used for testing.
- Add compatability layer to fix deprecated
- Fixes
- Add PEM/DER compatibility layer for PKCS-8 incompatibilities with various versions of OTP,
crypto
, andpublic_key
; see #82
- Add PEM/DER compatibility layer for PKCS-8 incompatibilities with various versions of OTP,
-
Enhancements
- Remove base64url dependency and include embedded version.
- Add support for
C20P
andXC20P
encryption based on draft-amringer-jose-chacha (ChaCha20/Poly1305 and XChaCha20/Poly1305). - Add support for ECDH-ES keywrapping for AES-GCM, ChaCha20/Poly1305, and XChaCha20/Poly1305.
- Add support for PBES2 keywrapping for AES-GCM, ChaCha20/Poly1305, and XChaCha20/Poly1305.
- Add support for
ECDH-1PU
encryption based on draft-madden-jose-ecdh-1pu. - Add support for reading/writing DER format (or PKCS8 format).
-
Fixes
-
Enhancements
- Add support for Jason JSON encoding and decoding.
- Add support for Poison 4.x and lexical ordering.
- Use
public_key
overcutkey
for RSA key generation if available. - Drop support for older versions of OTP (19+ now required).
- Relicense library under MIT license.
-
Fixes
- Add macro so the application compiles without warnings after
erlang:get_stacktrace/0
has been deprecated. - Extra sanity check for RSA padding modes when falling back.
- Add macro so the application compiles without warnings after
- Enhancements
- Add support for reading and writing PEM files for Ed25519, Ed448, X25519, and X448 keys based on draft-ietf-curdle-pkix.
- Add support for ojson adapter for encoding/decoding JSON.
- Fixes
- Regression fix from 1.8.2 for OTP-17 (thanks to @alexandrejbr, see #35 and #36)
-
Enhancements
-
Fixes
- Fix cross-platform issues with EC signatures (specifically S and R sizes, thanks to @alexandrejbr, see #32)
- Typo in documentation for
JOSE.encode/1
(thanks to @DaveLampton, see #31)
-
Tests
- Tested against OTP 19.3, Elixir 1.4.x, and Poison 3.x
- Fixes
- Parentheses to remove ambiguity on Elixir 1.4 #26, thanks @alexandrubagu
-
Enhancements
- ChaCha20/Poly1305 encryption and one-time message authentication functions are experimentally supported based on RFC 7539.
-
Fixes
Examples of new functionality:
iex> # Encrypt
iex> jwe = %{"alg" => "dir", "enc" => "ChaCha20/Poly1305"}
iex> jwk = JOSE.JWE.generate_key(jwe) |> JOSE.JWK.to_map |> elem(1)
%{"alg" => "dir", "enc" => "ChaCha20/Poly1305", "k" => "EffEuY2nbShIVtizmek8AuR7ftSuY2e8XRxGjMc8QAc", "kty" => "oct", "use" => "enc"}
iex> plain_text = "message to encrypt"
iex> encrypted = JOSE.JWK.block_encrypt(plain_text, jwk) |> JOSE.JWE.compact |> elem(1)
"eyJhbGciOiJkaXIiLCJlbmMiOiJDaGFDaGEyMC9Qb2x5MTMwNSJ9..lbsERynEgQS8CRXZ.D_kt8ChsaYWX9gL9tJlJ2n0E.y0o_TYjGlaB9sEEcA9o12A"
iex> # Decrypt
iex> plain_text == JOSE.JWK.block_decrypt(encrypted, jwk) |> elem(0)
true
iex> # Sign
iex> jws = %{"alg" => "Poly1305"}
iex> jwk = JOSE.JWS.generate_key(jws) |> JOSE.JWK.to_map |> elem(1)
%{"alg" => "Poly1305", "k" => "2X-OZVLA41Wy7mAjqWRaZyOw8FLyL3O3_f8d16D_-tQ", "kty" => "oct", "use" => "sig"}
iex> message = "message to sign"
iex> signed = JOSE.JWK.sign(message, jwk) |> JOSE.JWS.compact |> elem(1)
"eyJhbGciOiJQb2x5MTMwNSIsIm5vbmNlIjoicGExU1dlQzJVQzhwZlQ1NCJ9.bWVzc2FnZSB0byBzaWdu.IUI-PvN5bh_9jX-MeDtetw"
iex> # Verify
iex> JOSE.JWK.verify_strict(signed, ["Poly1305"], jwk) |> elem(0)
true
- Fixes
- Fixed JSON encoding bug in
jose_json_poison_compat_encoder
for projects using Poison as the JSON encoder where Erlang loads Elixir as a dependency.
- Fixed JSON encoding bug in
-
Enhancements
- Updated EdDSA tests to comply with draft 04 of draft-ietf-jose-cfrg-curves-04.
-
Fixes
- Fixed compression encoding bug for
{"zip":"DEF"}
operations (thanks to @amadden734 see potatosalad/ruby-jose#3)
- Fixed compression encoding bug for
- Enhancements
- Improved handling of RSA private keys in SMF (Straightforward Method) form to CRT (Chinese Remainder Theorem) form, see #19 This is especially useful for keys produced by Java programs using the
RSAPrivateKeySpec
API as mentioned in Section 9.3 of RFC 7517. - Updated EdDSA operations to comply with draft 02 of draft-ietf-jose-cfrg-curves-02.
- Improved handling of RSA private keys in SMF (Straightforward Method) form to CRT (Chinese Remainder Theorem) form, see #19 This is especially useful for keys produced by Java programs using the
Example RSA SMF to CRT usage:
%% The following map of an RSA secret key is in SMF (Straightforward Method) form.
%% Notice that we only have d, e, and n for this secret key.
JWK = jose_jwk:from(#{
<<"d">> => <<"WSAGFGM7fSyYn5NyBL0dp3kjHjQ3djjhQoOAFasoyeE">>,
<<"e">> => <<"AQAB">>,
<<"kty">> => <<"RSA">>,
<<"n">> => <<"0PM6Aooi_KYkDA1r-S24SauFpfTRc5kiPLF3a1EhuY8">>
}).
%% If we convert it back to a map, it is now in CRT (Chinese Remainder Theorem) form.
%% Notice that the dp, dq, p, q, and qi have been restored.
element(2, jose_jwk:to_map(JWK)) =:= #{
<<"d">> => <<"WSAGFGM7fSyYn5NyBL0dp3kjHjQ3djjhQoOAFasoyeE">>,
<<"dp">> => <<"G00J545ym1bqC9hnFDo3aQ">>,
<<"dq">> => <<"tt0FvEZgKli6IL4rVKx3cw">>,
<<"e">> => <<"AQAB">>,
<<"kty">> => <<"RSA">>,
<<"n">> => <<"0PM6Aooi_KYkDA1r-S24SauFpfTRc5kiPLF3a1EhuY8">>,
<<"p">> => <<"9O5YQ0w6PIpDl6c6yqwyKQ">>,
<<"q">> => <<"2mScgy86M3q6b301UAU09w">>,
<<"qi">> => <<"Wrp0SgcGgTT5WmeuHD6Sqw">>
}.
- Fixes
- Compatibility fixes for OTP 19 and Elixir 1.3
- Fixes
- Removed leftover development file accidentally included in last release.
-
Enhancements
- More detailed documentation on key generation.
-
Fixes
- Fixes
JOSE.JWT.encrypt/2
now usesJOSE.JWK.block_encryptor/1
properly.
- Enhancements
- Better support for lists of terms.
- Added merge functions:
JOSE.JWE.merge/2
JOSE.JWK.merge/2
JOSE.JWS.merge/2
JOSE.JWT.merge/2
- Added signer, verifier, and block_encryptor functions:
JOSE.JWK.signer/1
JOSE.JWK.verifier/1
JOSE.JWK.block_encryptor/1
- Support for
"alg"
,"enc"
, and"use"
on keys.
Examples of new functionality:
iex> # Let's generate a 64 byte octet key
iex> jwk = JOSE.JWK.generate_key({:oct, 64}) |> JOSE.JWK.to_map |> elem(1)
%{"k" => "FXSy7PufOayusvfyKQzdxCegm7yWIMp1b0LD13v57Nq2wF_B-fcr7LDOkufDikmFFsVYWLgrA2zEB--_qqDn3g", "kty" => "oct"}
iex> # Based on the key's size and type, a default signer (JWS) can be determined
iex> JOSE.JWK.signer(jwk)
%{"alg" => "HS512"}
iex> # A list of algorithms for which this key type can be verified against can also be determined
iex> JOSE.JWK.verifier(jwk)
["HS256", "HS384", "HS512"]
iex> # Based on the key's size and type, a default enctypro (JWE) can be determined
iex> JOSE.JWK.block_encryptor(jwk)
%{"alg" => "dir", "enc" => "A256CBC-HS512"}
iex> # Keys can be generated based on the signing algorithm (JWS)
iex> JOSE.JWS.generate_key(%{"alg" => "HS256"}) |> JOSE.JWK.to_map |> elem(1)
%{"alg" => "HS256", "k" => "UuP3Tw2xbGV5N3BGh34cJNzzC2R1zU7i4rOnF9A8nqY", "kty" => "oct", "use" => "sig"}
iex> # Keys can be generated based on the encryption algorithm (JWE)
iex> JOSE.JWE.generate_key(%{"alg" => "dir", "enc" => "A128GCM"}) |> JOSE.JWK.to_map |> elem(1)
%{"alg" => "dir", "enc" => "A128GCM", "k" => "8WNdBjXXwg6QTwrrOnvEPw", "kty" => "oct", "use" => "enc"}
iex> # Example of merging a map into an existing JWS (also works with JWE, JWK, and JWT)
iex> jws = JOSE.JWS.from(%{"alg" => "HS256"})
iex> JOSE.JWS.merge(jws, %{"typ" => "JWT"}) |> JOSE.JWS.to_map |> elem(1)
%{"alg" => "HS256", "typ" => "JWT"}
- Enhancements
- New Edwards-curve Digital Signature Algorithm (EdDSA) version 04 is out, update test vectors and remove support for 32 byte secrets for Ed448 and Ed448ph.
-
Enhancements
- Add support for libdecaf NIF which provides support for;
Ed25519
Ed25519ph
Ed448
Ed448ph
X25519
X448
- Add support for libdecaf NIF which provides support for;
-
Fixes
- Return 56 bytes instead of 57 bytes when converting between edwards448 and curve448.
- EdDSA related refactoring/cleanup.
- Enhancements
- Add support for NIF version of keccakf1600 library with
jose_sha3_keccakf1600_nif
(version 2 and up) for even faster SHA-3 operations.
- Add support for NIF version of keccakf1600 library with
-
Enhancements
- Add
Ed448
andEd448ph
standards from draft-irtf-cfrg-eddsa. - Add support for keccakf1600 library with
jose_sha3_keccakf1600
for faster SHA-3 operations. - Many, many more tests.
- Add
-
Fixes
- Fix pure Erlang implementation of SHA-3 algorithms.
-
Enhancements
- Documentation of the encryption algorithms, specifically
JOSE.JWE
.
- Documentation of the encryption algorithms, specifically
-
Fixes
- Corrected optional callbacks issue for Elixir.
- More consistent behavior for ECDH related encryption and decryption.
- Fixes
- Corrected formatting on some of the documentation.
- Fixed optional callbacks for
jose_jwk_kty:sign/3
- Enhancements
-
Enhancements
- Support PKCS#8 formatted private key PEM files. See #13
-
Fixes
- Add missing guards in
jose_jws:sign/4
#11 - Add missing guards in
jose_jwe:block_encrypt/5
- Add missing guards in
-
Enhancements
- Added
JOSE.JWS.peek_signature/1
for inspecting the signature parts of a signed binary. JOSE.JWS.compact/1
andJOSE.JWS.expand/1
now work with signed lists.- First pass at documenting all of the major
JOSE
modules.JOSE.JWE
still needs more examples. Closes #7
- Added
-
Fixes
- Fix infinite loop on
JOSE.JWE.key_decrypt/3
when no"enc"
has been specified. - Fix various functions on
JOSE.JWE
that would fail due toJOSE.JWE.from_record/1
on wrong terms.
- Fix infinite loop on
- Enhancements
- Added
JOSE.unsecured_signing/0
andJOSE.unsecured_signing/1
for disabling the"none"
algorithm due to the unsecured signing vulnerability and in relation to #10 - Added
JOSE.JWK.verify_strict/3
,JOSE.JWS.verify_strict/3
, andJOSE.JWT.verify_strict/3
for whitelisting which signing algorithms are allowed for verification. - Added
JOSE.JWT.peek_payload/1
andJOSE.JWT.peek_protected/1
for inspecting the payload and protected parts of a signature.
- Added
-
Enhancements
oct
key management (seeJOSE.JWK.from_oct/1,2
)- Key generation functions for
EC
,RSA
, andoct
keys (seeJOSE.JWK.generate_key/1
) - Add
JOSE.JWK.box_encrypt/2
which generates an ephemeral private key based on the given key curve. - Add support for detecting OTP version 18 and up with optional_callbacks.
- Document key generation under
examples/KEY-GENERATION.md
- jiffy and jsone JSON support
- Begin documenting the Elixir API (thanks to #8)
- Add support for
jose_jws:peek/1
andjose_jwt:peek/1
- Preparations for future upstream OTP crypto changes.
- Improved detection of AES CBC, ECB, and GCM support.
- Improved detection of RSAES-OAEP, RSAES-PKCS1-v1_5, RSASSA-PKCS1-v1_5, and RSASSA-PSS support.
- Implemented fallback RSAES-PKCS1-v1_5 and RSASSA-PKCS1-v1_5 algorithms.
- Improved selection of encryptor for oct keys.
- Improved algorithm support detection for jose_jwa.
-
Fixes
- Remove "sph" from jose_jws (removed from JWS Unencoded Payload Option).
-
Tests
- Only run 1 in 10 for AES GCM and 1 in 5 for AES KW CAVP test vectors to speed up tests.
- Additional tests for RSAES-PKCS1-v1_5 and RSASSA-PKCS1-v1_5 algorithms.
-
Enhancements
- Add RSA PKCS-1 algorithms to support detection.
- Add support for
crypto_fallback
option to enable/disable non-native cryptographic algorithms. - Add support for
json_module
option for encoding/decoding of JSON.
-
Fixes
- Fix AES GCM algorithm for non 96-bit IV values.
- Allow RSA OAEP to specify Seed on encrypt.
-
Tests
- NIST and EMC test vectors for AES, PKCS-1, and PKCS-5.
- Concat KDF, PBKDF1, and PKCS-7 Padding informal verification.
- AES Key Wrap informal verification with NIST test vectors.
- Fixes
- Missed a case where jose was not starting automatically (see 1.1.2).
- Enhancements
- Automatically start jose if one of the fallback algorithms is required.
- Fixes
- Fix bit sizes for A128CBC-HS256, A192CBC-HS384, and A256CBC-HS512 algorithms.
- Don't precompute the GHASH table (speeds up AES GCM fallback on OTP 17).
- Use case statement instead of map pattern matching for block_decrypt (fixes map pattern matching bug on OTP 17).
- Allow mostly empty EC keys to be converted back to JSON.
- Add jose_jwk_props property test for full algorithm range of encryption and decryption.
-
Enhancements
- Detect supported
crypto
AES ciphers and use fallbacks when necessary. - Detect EC key mode (to support OTP 17.5).
- Mostly pure Erlang implementation of AES GCM and GHASH functions.
- Add
JOSE.JWA
module for Elixir.
- Detect supported
-
Fixes
- All tests now pass on OTP 17.5 and OTP 18.
- Fallback to non-native crypto implementations for OTP 17.5.
- Dependencies
- Use
base64url
package from hex.pm
- Use
-
Initial Release
-
Algorithm Support
- JSON Web Encryption (JWE) RFC 7516
"alg"
RFC 7518 Section 4RSA1_5
RSA-OAEP
RSA-OAEP-256
A128KW
A192KW
A256KW
dir
ECDH-ES
ECDH-ES+A128KW
ECDH-ES+A192KW
ECDH-ES+A256KW
A128GCMKW
A192GCMKW
A256GCMKW
PBES2-HS256+A128KW
PBES2-HS384+A192KW
PBES2-HS512+A256KW
"enc"
RFC 7518 Section 5A128CBC-HS256
A192CBC-HS384
A256CBC-HS512
A128GCM
A192GCM
A256GCM
"zip"
RFC 7518 Section 7.3DEF
- JSON Web Key (JWK) RFC 7517
"alg"
RFC 7518 Section 6EC
RSA
oct
- JSON Web Signature (JWS) RFC 7515
"alg"
RFC 7518 Section 3HS256
HS384
HS512
RS256
RS384
RS512
ES256
ES384
ES512
PS256
PS384
PS512
none
- JSON Web Encryption (JWE) RFC 7516