Hash algorithm names should be written in lower case #264
Comments
|
Oh Thank you @srosenda FYI: online debugger repo is here: https://github.com/lukasjhan/sd-jwt-io |
Great and thank you for providing the tool, it has been very useful!
OK, thanks. I followed the "Library" link on the debugger top bar to this repo. Should we close this and open a new issue in the debugger's repo? |
|
Hi @srosenda, I think we should keep this issue open and fix it in this library. A quick search showed that we have set it to SHA-256 in the tests, but to be compliant we should even update them. We could also set the type from string to a fixed set of strings to help developers with the lower case situation. |
This repository seems to use mixed case characters when defining hash algorithm names, see search results https://github.com/search?q=repo%3Aopenwallet-foundation%2Fsd-jwt-js+%22SHA-%22&type=code. Specifically the online tool https://www.sdjwt.co/issue seems to be fixed to use sha-256 algorithm to calculate the SD-JWT Disclosure hashes, but it outputs the algorithm name to the SD-JWT payload in upper case as
"_sd_alg": "SHA-256". This is incorrect. The hash algorithm names are defined in IANA Named Information Hash Algorithm Registry and they should be treated as case-sensitive. See also https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-14.html#section-4.1.1-2.The text was updated successfully, but these errors were encountered: