client-encryption-nodejs icon indicating copy to clipboard operation
client-encryption-nodejs copied to clipboard
verified publisher icon Mastercard

add hmac verification for aes cbc

Open cormacdalton opened this issue 2 months ago • 0 comments

PR checklist

  • [x] An issue/feature request has been created for this PR
  • [x] Pull Request title clearly describes the work in the pull request and the Pull Request description provides details about how to validate the work. Missing information here may result in a delayed response.
  • [x] File the PR against the master branch
  • [x] The code in this PR is covered by unit tests

Description

This PR implements HMAC authentication tag verification for AES-CBC encrypted payloads (A128CBC-HS256) in JWE, providing enhanced security and compliance with RFC 7516 (JSON Web Encryption) specification. The feature is opt-in and disabled by default to maintain backward compatibility with existing systems.

cormacdalton avatar Dec 15 '25 11:12 cormacdalton