Skip to content
This repository has been archived by the owner on Nov 26, 2024. It is now read-only.

Incorrect crv for secp256k1 #11

Open
OR13 opened this issue Jan 22, 2020 · 4 comments
Open

Incorrect crv for secp256k1 #11

OR13 opened this issue Jan 22, 2020 · 4 comments

Comments

@OR13
Copy link

OR13 commented Jan 22, 2020
edited
Loading

https://www.npmjs.com/package/jose

https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-03

expecting things to look more like:

{
      "crv": "secp256k1",
      "x": "JA5UfdPhdE3EdABYdSmhx06Xts7xCWOc0-zTMO-7byg",
      "y": "2ptGJHu6oSdyEMk--9yAD6okUK9h-2BU4mzyn7rDzxE",
      "d": "ikyyvmydSQxBNEtP8_rggV4xztqfuyzQh-0cXZh9iuk",
      "kty": "EC",
      "kid": "QhxsKsp2LNvS9cNp1STyryOiOrEs6f819AGemNVN5N0"
    },

Seeing;

{ kty: 'EC',
      crv: 'K-256',
      x: 'TKzoL1Fjqn8iGiyxI9xmaZyL2b5jSMLpQk_gOM__JcY',
      y: '7V1xVq7nNmSIiSSCNhNCESNoOz46ElSqW7Jw30QiqNc' }
@EternalDeiwos
Copy link
Owner

@OR13 The crv parameter is still awaiting standardisation and isn't stable. It was only last year that the crv parameter for secp256k1 was suggested to be P-256K. When I initially wrote this library there wasn't even discussion of having a registered crv name (for JOSE) for secp256k1 so I decided to use K-256 in the meanwhile.

Making this change would consititute a breaking change for this library so I'd prefer to only do that when the good folks at the IETF JOSE/COSE working group make up their minds.

@OR13
Copy link
Author

OR13 commented Jan 26, 2020

I totally understand :)

@csuwildcat
Copy link

Did you say 'slow pokes'? Oh oh, 'good folks' ;)

@EternalDeiwos
Copy link
Owner

FYI I just pushed a prerelease 2.0.0-alpha1 with this change.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@csuwildcat @EternalDeiwos @OR13