packages feed

sd-jwt 0.1.0.0 → 0.1.0.1

raw patch · 5 files changed

+45/−35 lines, 5 filesdep ~bytestringPVP ok

version bump matches the API change (PVP)

Dependency ranges changed: bytestring

API changes (from Hackage documentation)

Files

CHANGELOG.md view
@@ -6,6 +6,15 @@ and this project adheres to the [Haskell Package Versioning Policy](https://pvp.haskell.org/). +## 0.1.0.1 - 2025-01-10++### Fixed+- Corrected documentation regarding RS256 deprecation status: RS256 (RSA-PKCS#1 v1.5) is deprecated for encryption per draft-ietf-jose-deprecate-none-rsa15, but remains valid for signatures. Previous documentation incorrectly stated RS256 was deprecated for signatures.++### Documentation+- Updated README.md, source code comments, and module documentation to clarify RS256 deprecation status+- PS256 (RSA-PSS) remains the recommended default for RSA keys+ ## 0.1.0.0 - 2025-01-09  ### Added@@ -18,7 +27,7 @@ - Multiple hash algorithms: SHA-256 (default), SHA-384, SHA-512 - Multiple signing algorithms:   - PS256 (RSA-PSS) - Default for RSA keys, recommended for security-  - RS256 (RSA-PKCS#1 v1.5) - Deprecated but supported for backward compatibility+  - RS256 (RSA-PKCS#1 v1.5) - Supported for signatures (deprecated for encryption per draft-ietf-jose-deprecate-none-rsa15)   - ES256 (EC P-256) - Elliptic Curve signing   - EdDSA (Ed25519) - Recommended for high-security applications - Persona-specific modules: `SDJWT.Issuer`, `SDJWT.Holder`, `SDJWT.Verifier`@@ -31,7 +40,7 @@  ### Security - PS256 (RSA-PSS) is the default algorithm for RSA keys (security best practice)-- RS256 (RSA-PKCS#1 v1.5) is deprecated per draft-ietf-jose-deprecate-none-rsa15 due to padding oracle attack vulnerabilities+- RS256 (RSA-PKCS#1 v1.5) is deprecated for encryption per draft-ietf-jose-deprecate-none-rsa15, but remains valid for signatures - EC signing timing attack warning documented (affects signing only, not verification) - RFC 8725bis compliance: algorithm validation, typ header support, "none" algorithm rejection 
README.md view
@@ -2,7 +2,6 @@  [![CI](https://github.com/yaronf/sd-jwt/actions/workflows/ci.yml/badge.svg)](https://github.com/yaronf/sd-jwt/actions/workflows/ci.yml) [![Hackage](https://img.shields.io/hackage/v/sd-jwt)](https://hackage.haskell.org/package/sd-jwt)-[![Hackage deps](https://img.shields.io/hackage-deps/v/sd-jwt)](https://hackage.haskell.org/package/sd-jwt)  [![Haddocks](https://img.shields.io/badge/docs-haddock-blue)](https://hackage.haskell.org/package/sd-jwt/docs) [![License](https://img.shields.io/badge/license-BSD--3--Clause-blue)](LICENSE)@@ -21,7 +20,7 @@ - ✅ Key Binding support (SD-JWT+KB) - ✅ Nested and recursive disclosures - ✅ Multiple hash algorithms (SHA-256, SHA-384, SHA-512)-- ✅ Multiple signing algorithms: PS256 (RSA-PSS, default), RS256 (deprecated), ES256 (EC P-256), EdDSA (Ed25519)+- ✅ Multiple signing algorithms: PS256 (RSA-PSS, default), RS256 (RSA-PKCS#1 v1.5), ES256 (EC P-256), EdDSA (Ed25519)  ## Status @@ -62,7 +61,7 @@  ⚠️ **Security Warning**: When using Elliptic Curve (EC) keys (ES256 algorithm), be aware that the underlying `jose` library's EC signing implementation may be vulnerable to timing attacks. This affects signing only, not verification. For applications where timing attacks are a concern, consider using RSA-PSS (PS256, default for RSA keys) or Ed25519 (EdDSA) keys instead. -**Note**: RS256 (RSA-PKCS#1 v1.5) is deprecated per [draft-ietf-jose-deprecate-none-rsa15](https://datatracker.ietf.org/doc/draft-ietf-jose-deprecate-none-rsa15/) due to padding oracle attack vulnerabilities. PS256 (RSA-PSS) is the recommended RSA algorithm and is used by default for RSA keys.+**Note**: RS256 (RSA-PKCS#1 v1.5) is deprecated for encryption per [draft-ietf-jose-deprecate-none-rsa15](https://datatracker.ietf.org/doc/draft-ietf-jose-deprecate-none-rsa15/), but remains valid for signatures. PS256 (RSA-PSS) is the recommended RSA algorithm and is used by default for RSA keys.  ```haskell import SDJWT.Issuer@@ -222,7 +221,7 @@ ### Signing Algorithms  - **PS256 (RSA-PSS)** - Default for RSA keys, recommended for security-- **RS256 (RSA-PKCS#1 v1.5)** - Deprecated per [draft-ietf-jose-deprecate-none-rsa15](https://datatracker.ietf.org/doc/draft-ietf-jose-deprecate-none-rsa15/), but still supported for backward compatibility+- **RS256 (RSA-PKCS#1 v1.5)** - Supported for signatures (deprecated for encryption per [draft-ietf-jose-deprecate-none-rsa15](https://datatracker.ietf.org/doc/draft-ietf-jose-deprecate-none-rsa15/), but not for signatures) - **ES256 (EC P-256)** - Elliptic Curve, may be vulnerable to timing attacks during signing - **EdDSA (Ed25519)** - Recommended for high-security applications 
sd-jwt.cabal view
@@ -5,10 +5,10 @@ -- see: https://github.com/sol/hpack  name:           sd-jwt-version:        0.1.0.0+version:        0.1.0.1 synopsis:       Selective Disclosure for JSON Web Tokens (RFC 9901) description:    Implementation of RFC 9901: Selective Disclosure for JSON Web Tokens (SD-JWT)-category:       Security+category:       Web homepage:       https://github.com/yaronf/sd-jwt#readme bug-reports:    https://github.com/yaronf/sd-jwt/issues author:         Yaron Sheffer@@ -81,20 +81,20 @@   build-depends:       aeson >=2.0 && <2.3     , base >=4.14 && <5-    , base64-bytestring >=1.2 && <1.3-    , bytestring >=0.11 && <0.13-    , containers >=0.6 && <0.7-    , cryptonite >=0.30 && <0.31+    , base64-bytestring ==1.2.*+    , bytestring ==0.11.*+    , containers ==0.6.*+    , cryptonite ==0.30.*     , directory ==1.3.*     , jose >=0.10 && <0.13     , lens >=4.16 && <5.4-    , memory >=0.18 && <0.19+    , memory ==0.18.*     , mtl >=2.2 && <3-    , scientific >=0.3 && <0.4+    , scientific ==0.3.*     , sd-jwt-    , text >=2.0 && <2.1+    , text ==2.0.*     , time >=1.9 && <1.13-    , vector >=0.13 && <0.14+    , vector ==0.13.*   default-language: Haskell2010  executable sd-jwt-interop-test@@ -105,7 +105,7 @@       TestKeys   hs-source-dirs:       test/interop-    , test+      test   ghc-options: -Wall -Wcompat -Widentities -Wincomplete-record-updates -Wincomplete-uni-patterns -Wmissing-export-lists -Wmissing-home-modules -Wpartial-fields -Wredundant-constraints -Wunused-packages -Wmissing-deriving-strategies -Wno-missing-import-lists -Wno-unused-imports -Wunused-type-patterns -Wunused-record-wildcards -Wredundant-record-wildcards -Wtype-defaults -Wunused-do-bind -Wunused-foralls -Wdeprecations -Wnoncanonical-monad-instances -Wall -threaded -rtsopts -with-rtsopts=-N   build-depends:       aeson >=2.0 && <2.3@@ -167,10 +167,10 @@       QuickCheck >=2.14     , aeson >=2.0 && <2.3     , base >=4.14 && <5-    , base64-bytestring >=1.2 && <1.3-    , bytestring >=0.11 && <0.13-    , containers >=0.6 && <0.7-    , cryptonite >=0.30 && <0.31+    , base64-bytestring ==1.2.*+    , bytestring ==0.11.*+    , containers ==0.6.*+    , cryptonite ==0.30.*     , directory >=1.3     , doctest >=0.22     , filepath >=1.4@@ -178,11 +178,12 @@     , jose >=0.10 && <0.13     , lens >=4.16 && <5.4     , markdown-unlit >=0.5+    , memory ==0.18.*     , mtl >=2.2 && <3     , process >=1.6-    , scientific >=0.3 && <0.4+    , scientific ==0.3.*     , sd-jwt-    , text >=2.0 && <2.1+    , text ==2.0.*     , time >=1.9-    , vector >=0.13 && <0.14+    , vector ==0.13.*   default-language: Haskell2010
src/SDJWT/Internal/JWT.hs view
@@ -71,11 +71,11 @@       if kty == "RSA"         then do           -- Check if JWK specifies algorithm (RFC 7517 allows optional "alg" field)-          -- RS256 is deprecated per draft-ietf-jose-deprecate-none-rsa15 (padding oracle attacks)-          -- Default to PS256 (RSA-PSS) for security; RS256 can be explicitly requested but is deprecated+          -- RS256 is deprecated for encryption per draft-ietf-jose-deprecate-none-rsa15, but remains valid for signatures+          -- Default to PS256 (RSA-PSS) as recommended; RS256 can be explicitly requested           case KeyMap.lookup (Key.fromText "alg") obj of-            Just (Aeson.String "RS256") -> Right "RS256"  -- Deprecated but still supported for compatibility-            _ -> Right "PS256"  -- Default to PS256 (RSA-PSS) for security+            Just (Aeson.String "RS256") -> Right "RS256"  -- Supported for signatures+            _ -> Right "PS256"  -- Default to PS256 (RSA-PSS) as recommended         else if kty == "EC"           then do             -- Check curve for EC keys (only P-256 is supported)@@ -98,14 +98,15 @@     _ -> Left $ InvalidSignature "Invalid JWK format: expected object"  -- | Convert algorithm string to JWA.Alg--- Supports RSA-PSS (PS256, default) and RSA-PKCS#1 v1.5 (RS256, deprecated per draft-ietf-jose-deprecate-none-rsa15).--- RS256 is deprecated due to padding oracle attack vulnerabilities. PS256 (RSA-PSS) is recommended.+-- Supports RSA-PSS (PS256, default) and RSA-PKCS#1 v1.5 (RS256).+-- RS256 is deprecated for encryption per draft-ietf-jose-deprecate-none-rsa15, but remains valid for signatures.+-- PS256 (RSA-PSS) is recommended and used as the default. toJwsAlg :: T.Text -> Either SDJWTError JWA.Alg-toJwsAlg "RS256" = Right JWA.RS256  -- Deprecated: Use PS256 instead (draft-ietf-jose-deprecate-none-rsa15)+toJwsAlg "RS256" = Right JWA.RS256  -- Supported for signatures toJwsAlg "PS256" = Right JWA.PS256 toJwsAlg "EdDSA" = Right JWA.EdDSA toJwsAlg "ES256" = Right JWA.ES256-toJwsAlg alg = Left $ InvalidSignature $ "Unsupported algorithm: " <> alg <> " (supported: PS256 default, RS256 deprecated, EdDSA, ES256)"+toJwsAlg alg = Left $ InvalidSignature $ "Unsupported algorithm: " <> alg <> " (supported: PS256 default, RS256, EdDSA, ES256)"  -- | Sign a JWT payload using a private key. --
src/SDJWT/Issuer.hs view
@@ -14,9 +14,9 @@ -- For applications where timing attacks are a concern, consider using RSA-PSS (PS256) -- or Ed25519 (EdDSA) keys instead, which do not have this limitation. ----- Note: RS256 (RSA-PKCS#1 v1.5) is deprecated per draft-ietf-jose-deprecate-none-rsa15--- due to padding oracle attack vulnerabilities. PS256 (RSA-PSS) is the recommended--- RSA algorithm and is used by default for RSA keys.+-- Note: RS256 (RSA-PKCS#1 v1.5) is deprecated for encryption per draft-ietf-jose-deprecate-none-rsa15,+-- but remains valid for signatures. PS256 (RSA-PSS) is the recommended RSA algorithm+-- and is used by default for RSA keys. -- -- == Usage --