jwt icon indicating copy to clipboard operation
jwt copied to clipboard

Published 20 hours ago verified publisher icon psecio

Decrypt Doesn't Validate MAC

Open ircmaxell opened this issue 11 years ago • 0 comments

Presently, encrypt encodes its result using a MAC, which is good.

However, decrypt never decodes the result, and as such never validates the MAC.

This is an absolute requirement that decryption should not happen unless the MAC is valid (the MAC must be checked prior to decrypting).

ircmaxell avatar Jul 25 '14 14:07 ircmaxell