We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Describe the bug
Using unencoded option (RFC7797) with multiple signatures/recipients causes the payload to the signed JWS to get garbled.
To Reproduce
Following code will reproduce the issue:
jose = require('jose') var key1 = jose.JWK.generateSync('EC') var key2 = jose.JWK.generateSync('EC') var payload = 'test' var signer = new jose.JWS.Sign(payload) signer.recipient(key1, { b64: false, crit: ['b64'] }, {}) signer.recipient(key2, { b64: false, crit: ['b64'] }, {}) signer.sign('general')
The result is:
{ payload: '��-', signatures: [ { protected: 'eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFUzI1NiJ9', header: {}, signature: 'O63LN2RxA2aa3QoCAR2PmfJDciDGrzlJYOWF-d1JDiczHHWG_VdMZvNfof6QWvK3H3q-0LsfuCacdZng6ELLPA' }, { protected: 'eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFUzI1NiJ9', header: {}, signature: 'fKWZYFlY0HWRrF1mb3TacaLMK_awINlVWriZkwK6Re7HxtznJu6jOL99mE4oA11U8w1k3p8-L9iUBsGZiRuxrA' } ] }
Note: the weird characters in the payload. Should just be test.
test
Expected behaviour
The result should look like this:
{ payload: 'test', signatures: [ { protected: 'eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFUzI1NiJ9', header: {}, signature: 'O63LN2RxA2aa3QoCAR2PmfJDciDGrzlJYOWF-d1JDiczHHWG_VdMZvNfof6QWvK3H3q-0LsfuCacdZng6ELLPA' }, { protected: 'eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFUzI1NiJ9', header: {}, signature: 'fKWZYFlY0HWRrF1mb3TacaLMK_awINlVWriZkwK6Re7HxtznJu6jOL99mE4oA11U8w1k3p8-L9iUBsGZiRuxrA' } ] }
Environment:
jose
Additional context Add any other context about the problem here.
The above code works as expected if only one recipient is added before signing.
The text was updated successfully, but these errors were encountered:
Thanks for bringing this up.
Sorry, something went wrong.
9383d10
fix: do not mutate unencoded payload when signing for multiple parties
1695423
resolves #89
Fixed in v1.27.3.
No branches or pull requests
Describe the bug
Using unencoded option (RFC7797) with multiple signatures/recipients causes the payload to the signed JWS to get garbled.
To Reproduce
Following code will reproduce the issue:
The result is:
Note: the weird characters in the payload. Should just be
test
.Expected behaviour
The result should look like this:
Environment:
jose
version: [e.g. v1.27.2]Additional context
Add any other context about the problem here.
The above code works as expected if only one recipient is added before signing.
jose
too.The text was updated successfully, but these errors were encountered: