Is JWE with ECDH-ES protected agaist invalid curve attack? #100

mirkojoshua · 2020-11-10T16:30:27Z

mirkojoshua
Nov 10, 2020

Hi,
I use this fantastic lib on my project then, first of all, thanks for your work. I need to add the use of JWE with ECDH-ES into my project, and i read about invalid curve attack on JWE with ECDH-ES. Is this lib protected against this kind of attack?

panva · 2020-11-10T16:47:50Z

panva
Nov 10, 2020
Maintainer

Great question!

Is this lib protected against this kind of attack?

Yes it is. All crypto is done using the runtime native crypto lib (openssl or boringssl in electron) which does not allow to instantiate ec keys that are not on their declared curve.

0 replies

mirkojoshua · 2020-11-10T17:04:08Z

mirkojoshua
Nov 10, 2020
Author

Great! Thanks!

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Is JWE with ECDH-ES protected agaist invalid curve attack? #100

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 2 comments

{{title}}

{{title}}

Select a reply

Is JWE with ECDH-ES protected agaist invalid curve attack? #100

mirkojoshua Nov 10, 2020

Replies: 2 comments

panva Nov 10, 2020 Maintainer

mirkojoshua Nov 10, 2020 Author

mirkojoshua
Nov 10, 2020

panva
Nov 10, 2020
Maintainer

mirkojoshua
Nov 10, 2020
Author