New CS proposal: Javascript Object Signing and Encryption (JOSE) #1225

@craigjbass

What is the proposed Cheat Sheet about?

Javascript Object Signing and Encryption. In particular JWE.

What security issues are commonly encountered related to this area?

  • How to configure JWE implementations to be secure.
  • Recommended encryption algorithms
  • Traps, e.g. using the same asymmetric keys between JWT and JWE. In what circumstances is this bad?

What is the objective of the Cheat Sheet?

To help people implement secure JWE implementations.

What other resources exist in this area?

Writing this because there seems to be very little guidance online, and some of it is contradictory.

The OWASP cheatsheet has some guidance on best use of JWT (object signing) but no guidance on the usage of JWE.

Labels

  • ACK_OBTAINED: Issue acknowledged from core team so work can be done to fix it.
  • NEW_CS: Issue about the creation of a new cheat sheet.
