-
Notifications
You must be signed in to change notification settings - Fork 361
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider validating key length #385
Comments
Thanks for opening a clear and concise issue with possible solutions. Option 1 - Seems like we should do it regardless. Option 2 - I'll dig up the issue(s), but I think @oxisto was fairly against doing key validation as this opens up questions like "what is a reasonable key size", however, for certain signing methods maybe there's an argument. I like the idea of a "strict" function to avoid breaking existing users, although one could also argue that there should be exactly one way to do things and the function should do the right thing. I need to refresh my memory on a few bits, but will come back to this and also wait on @oxisto to chime in. |
I am thinking whether this would be the first use-case for the |
Yes! I think this is an excellent use case for that option. Although it's too bad this is an opt-in, instead of the default behavior.
Not sure what the right name is, but I think this is probably the correct path forward. |
Thanks for the comments. I hadn't even noticed that
I like this but my only comment is: I think "Validation" might be too broad a term. Because somebody could still create a totally bogus signing secret (all 0s for example) that is the correct length but not random. Maybe
As long as it's in a major version I think this is a good path forward. I just don't want to brick any APIs that are currently functioning (though you might argue that this is better than people discovering their JWTs are less securely signed than they think they are via other means). I use this library on multiple projects and I'd be willing to help out on this if you want a pull request. I think the documentation/examples approach is for sure the best first step. I think key length validation might get a bit more complicated for signing methods other than HMAC (where the RFC has easy-to-follow guidelines) but I'd be willing to take a stab at it. |
We're always open to contributions. While some issues might become stale and responses may be delayed, we remain quite active overall. For me, one of the key aspects is ensuring stability and backward compatibility across minor versions. We're treading a delicate balance where we might argue a security fix warrants a breaking change, but these instances should be extremely rare. Feel free to update the documentation or take a stab at an implementation, even if it serves only as a reference for future major version considerations. |
The Problem
Right now the following code executes without error:
Output:
Per RFC 7518 I believe the key should be 256 bits or longer:
Possible Solutions
1. Documentation/Examples
This might be a documentation issue. I believe some of the onus is on the developers consuming this package to understand how JWTs/HMAC works. But - it would be nice if secret key size was mentioned somewhere. For example here:
We could also include an example of how to generate a key using crypto/rand.
2. Return an error
Since the RFC says in all caps "MUST be used", this might be considered an error state. In that case,
token.SignedString
could return an error in the event thatlen(key) < appropriate
based on the signing method. I think this would be preferable to people thinking their JWT implementation is secure when it's not. To maintain backwards compatibility we could make a newtoken.SignedStringStrict
that enforces this, leavingSignedString
alone.Consider the following scenario: you deploy an API using
golang-jwt
to a cloud platform. You expose your signing secret via a secret manager as an environment variable. If something went wrong and the signing secret was actually an empty byte array, I would want that to error out. Thus I would default to the newSignedStringStrict
for projects going forward.The text was updated successfully, but these errors were encountered: