JWK key signing is broken in OpenSSL 3.0 #19
Comments
Are there any plans to update this gem? It's the only one I could find for JOSE signing.
@potatosalad if you're not planning to maintain this library, could you please add a note on the README? OpenSSL 1.1 will not be receiving security updates beyond 2023, so making it work with OpenSSL 3.x is quite important or people will need to switch to a different library. thanks
This is thrown together and seems to work for our use https://github.com/enriquez/ruby-jose/tree/convert-to-asn1
thanks @enriquez - we're moving away from using this gem as it seems to be unmaintained.
@deepfryed can you recommend alternatives?
we're trying out https://rubygems.org/gems/jwt
We're using jwt too. Works fine.
See issue potatosalad#19 chore: Force OpenSSL 3 on dev. chore: Upgrade Bundler.
This is still failing after the commit:
Thanks for that tip. Looked pretty promising until I realized it does not support
Are there alternatives for JWE encrypt/decrypt? Seems like jose is the only one that supports an algo of ECDH-ES+A256KW
I actually ended up just writing my own version in the end, as if you look at the actual sign/verify requirements, it's only a dozen lines of code to support a single set of ciphers etc.
So did I, used JWT gem for JWT but ended up writing our own implementation for JWE with some "inspiration" from this gem to support RSA-OAEP-256.
If anyone is still looking I believe this issue was addressed by #25 and goes away by updating to
https://github.com/potatosalad/ruby-jose/blob/master/lib/jose/jwk/kty_ec.rb#L20
does not work with OpenSSL 3.0 and fails with error "pkeys are immutable on OpenSSL 3.0"
Potential fix is to use ASN1 sequences as done in https://github.com/googleapis/google-auth-library-ruby/pull/397/files#diff-fda73a61a26353211e861c4b1519bd86ec9abd1bfa2a044601bae498679ea7e5R160-R165
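Added example, not part of the original issue and not ruby-jose's own code: one way to apply the ASN.1 approach described above, building an EC key from JWK members in a single DER parse instead of assigning key material to an existing PKey object. The helper names `ec_key_from_jwk` and `sample_jwk` are hypothetical, only P-256 is handled, and the sample JWK is constructed at run time.

```ruby
require "openssl"
require "base64"

# Hypothetical helper, not part of ruby-jose. Handles P-256 only.
def ec_key_from_jwk(jwk)
  raise ArgumentError, "only P-256 is handled here" unless jwk["crv"] == "P-256"
  x, y = %w[x y].map { |m| Base64.urlsafe_decode64(jwk.fetch(m)) }
  unless x.bytesize == 32 && y.bytesize == 32
    raise ArgumentError, "P-256 coordinates must be 32 bytes each"
  end
  point = "\x04".b + x + y # uncompressed SEC1 point: 0x04 || X || Y

  asn1 =
    if jwk["d"] # private JWK -> ECPrivateKey structure (RFC 5915)
      d = Base64.urlsafe_decode64(jwk["d"])
      raise ArgumentError, "P-256 private scalar must be 32 bytes" unless d.bytesize == 32
      OpenSSL::ASN1::Sequence([
        OpenSSL::ASN1::Integer(1),
        OpenSSL::ASN1::OctetString(d),
        OpenSSL::ASN1::ObjectId("prime256v1", 0, :EXPLICIT),
        OpenSSL::ASN1::BitString(point, 1, :EXPLICIT)
      ])
    else # public JWK -> SubjectPublicKeyInfo structure
      OpenSSL::ASN1::Sequence([
        OpenSSL::ASN1::Sequence([
          OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
          OpenSSL::ASN1::ObjectId("prime256v1")
        ]),
        OpenSSL::ASN1::BitString(point)
      ])
    end
  # The key is parsed from DER in one step; nothing is assigned afterwards,
  # so the OpenSSL 3.0 immutability check is never triggered.
  OpenSSL::PKey::EC.new(asn1.to_der)
end

# Constructed sample input: a freshly generated P-256 key exported as a JWK hash.
def sample_jwk
  key = OpenSSL::PKey::EC.generate("prime256v1")
  pub = key.public_key.to_bn.to_s(2) # 65 bytes: 0x04 || X || Y
  enc = ->(bytes) { Base64.urlsafe_encode64(bytes, padding: false) }
  { "kty" => "EC", "crv" => "P-256", "x" => enc.(pub[1, 32]), "y" => enc.(pub[33, 32]),
    "d" => enc.(key.private_key.to_s(2).rjust(32, "\x00".b)) }
end
```

The length checks reject short or oversized coordinates before any DER is built, so a malformed JWK fails with an `ArgumentError` rather than an opaque parse error from OpenSSL.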