Use libjose instead of custom jwk implementation? #1
Comments
jirutka
changed the title
|
I didn't use it because I couldn't find the function I wanted (get keys from JWK) |
|
Maybe it would make sense to take this missing part (get keys from JWK) and contribute it to jose such that forces could be joined? |
|
Considering that this module is a security relevant element, especially as it enforces security requirements, it would be definitely good to re-use cryptographic implementations. Due to their (jose) focus on this topic they might also have additional tests running on the implementation. Another topic is the upcoming https://en.wikipedia.org/wiki/Cyber_Resilience_Act - concerning this it would be great to have an SBOM to be capable of checking this. So consider you have your own implementation of the crypt algorithm a bug might not be identified, but if you depend on jose and they do regular reviews and this module has an SBOM such a bug could be tracked and remedied much faster. |
jose is a C implementation of JWS and JWK (among others). It’s already packaged by major distros, as you can see on repology.
The text was updated successfully, but these errors were encountered: