Add support for dynamic key detection during decryption #7
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi @zarqman, could you please split the pull request into two smaller ones? These are really two different features, and while the first looks ok to me, the second may be open to some more discussion and review. Good job 👍 |
This was referenced May 25, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change adds 2 related things:
Allows arbitrary headers to be added during encryption. This allows any variety of things, including (but not limited to) any of the various key-identifying headers defined in the JWE spec.
Allows a block to be given to dynamically determine what key to use during decryption. The block is given the headers, allowing use of whatever key-identifying header may have been set during encryption. The implementation of this is very similar to dynamic key detection in ruby-jwt, making it easy to use both.
An example has been added to the README which should explain how to use both together.