[Cryptography] Encodings for crypto

Phillip Hallam-Baker hallam at gmail.com
Mon Feb 17 17:18:22 EST 2014

On Mon, Feb 17, 2014 at 4:03 PM, Tony Arcieri <bascule at gmail.com> wrote:

> If you're interested in this sort of thing, you should have a look at JSON
> Web Encryption:
> http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-21
> ...although I can't say I'm really a fan. It seems ugly to me.

On second thoughts, maybe I should explain why signature in a text based
encoding up being ugly. The encryption is just some gratuitous BASE64. Its
the signature that is a problem.

The problem is that when you have a signature you have to know exactly what
is in the signature scope. If the scope is out by one byte then
verification will fail. Text based encodings invariably end up with added
or subtracted whitespace being possible. This results in two approaches:

1) Convert the data to binary blobs with Base64.

2) Convert the text to canonical form

The second is only possible if you have a data model underlying everything
which of course JSON does not have. Well not a model that could be
considered canonicalizable. Which pushes us to the first approach.

Its not that jwe or jws are baddly designed, they are just having to solve
an ugly problem.

One simple solution to this is to say that the authentication info is
actually metadata and this belongs outside the signed object itself. So
instead of trying to cram the signature into the application/json content
of a web service request, put it in the HTTP header.

Website: http://hallambaker.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140217/c0846ce9/attachment.html>

More information about the cryptography mailing list