Is JWE with ECDH-ES protected agaist invalid curve attack? #100
Unanswered
mirkojoshua
asked this question in
Q&A
Replies: 2 comments
-
|
Great question!
Yes it is. All crypto is done using the runtime native crypto lib (openssl or boringssl in electron) which does not allow to instantiate ec keys that are not on their declared curve. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Great! Thanks! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I use this fantastic lib on my project then, first of all, thanks for your work. I need to add the use of JWE with ECDH-ES into my project, and i read about invalid curve attack on JWE with ECDH-ES. Is this lib protected against this kind of attack?
Beta Was this translation helpful? Give feedback.
All reactions