python-jose icon indicating copy to clipboard operation
python-jose copied to clipboard
verified publisher icon mpdavis

invalid IV lengths

Open panva opened this issue 4 years ago • 3 comments

A user of this library was having an issue decrypting JWE tokens produced by it in my javascript library. See https://github.com/panva/jose/issues/314

Despite a few hurdles overcome they are not able to interoperate the libraries due to a non-conform JWE implementation in python-jose.

Namely, the Initialization Vectors used for encryption are not conform, their bit lengths are not according to specification.

  • A128GCM, A192GCM, A256GCM are REQUIRED to use a 96 bit IV
  • A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 are REQUIRED to use a 128 bit IV

panva avatar Nov 09 '21 15:11 panva

How about this?

if self._algorithm in ['A128GCM', 'A192GCM', 'A256GCM', 'A128GCMKW', 'A192GCMKW', 'A256GCMKW']:
    #print("generating IV of length 96bit")
    iv = get_random_bytes(12)
else:
    #print("generating IV of length 128bit")
    iv = get_random_bytes(16)

securedimensions avatar Jul 19 '22 18:07 securedimensions