jwe 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of jwe might be problematic. Click here for more details.

Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +12 -4
  3. data/README.md +2 -2
  4. data/lib/jwe/alg/rsa_oaep_256.rb +22 -0
  5. data/lib/jwe/alg.rb +1 -0
  6. data/lib/jwe/enc/aes_cbc_hs.rb +2 -2
  7. data/lib/jwe/version.rb +1 -1
  8. data/spec/jwe/alg_spec.rb +23 -0
  9. metadata +5 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f9b0c6b1a25f2248646f35e0879debdaa3cf80983b23f5eb485bfc60c7c8c28f
4
- data.tar.gz: 62b5d86d4d85130de7c4d38976678f6df8bfd31d9cdbfe00de8cfd4626052e0f
3
+ metadata.gz: 86f868ba1b70133d7600b4e6cea7133f84f72ab76f0b16922eec4a332d0edd98
4
+ data.tar.gz: a7629f6a7b4a3696bcce6d5f8393b5774b54901d8b20c34255bf853fab406dc0
5
5
  SHA512:
6
- metadata.gz: 65a4bf04a9400f563735c91582b5d61a361a32971489431e098a35a21a2952a2517ac126cfb1ff806eaffe5444ee935d6f3c273eeebc8690720814fa1ee0f521
7
- data.tar.gz: 288e86713b00064cdf1b388f8bea1007bda0c6fc45a34be50514724d706b29618bb1e37ebf892cfafa93e144265bba914839f4ecdad8e804a1971afe077adc74
6
+ metadata.gz: 8d1945714ca91325ecc3ff81c1852082771ab308c322e1ab53642d3d8859613af846520e4da20b46411343db4b7926cae7cad484cafd202c355e3931a39ba1f8
7
+ data.tar.gz: cc076be886f8798680cd504159d14547229f9013e5f6ccdaf4b0afb5db071d5e75c4a4539c9f19857e69e39417e876adcb5a650a3b0d8a494f70221ea343c6f5
data/CHANGELOG.md CHANGED
@@ -1,14 +1,22 @@
1
1
  # Changelog
2
2
 
3
- ## [v1.0.0](https://github.com/jwt/ruby-jwe/tree/v1.0.0) (NEXT)
3
+ ## [v1.1.0](https://github.com/jwt/ruby-jwe/tree/v1.1.0) (2025-07-22)
4
+
5
+ [Full Changelog](https://github.com/jwt/ruby-jwe/compare/v1.0.0...v1.1.0)
6
+
7
+ **Features:**
8
+
9
+ - Add RsaOaep256 algorithm (https://github.com/jwt/ruby-jwe/pull/31)
10
+
11
+ ## [v1.0.0](https://github.com/jwt/ruby-jwe/tree/v1.0.0) (2025-02-16)
4
12
 
5
13
  [Full Changelog](https://github.com/jwt/ruby-jwe/compare/v0.4.0...v1.0.0)
6
14
 
7
15
  **Features:**
8
16
 
9
- - Support Ruby 3.4 (#26)(https://github.com/jwt/ruby-jwe/pull/26)
10
- - Drop support for Ruby versions prior to 2.5 (#27)(https://github.com/jwt/ruby-jwe/pull/27)
17
+ - Support Ruby 3.4 (https://github.com/jwt/ruby-jwe/pull/26)
18
+ - Drop support for Ruby versions prior to 2.5 (https://github.com/jwt/ruby-jwe/pull/27)
11
19
 
12
20
  **Fixes and enhancements:**
13
21
 
14
- - Refreshed codebase (CI and linter fixes) (#27)(https://github.com/jwt/ruby-jwe/pull/27), (#28)(https://github.com/jwt/ruby-jwe/pull/28)
22
+ - Refreshed codebase (CI and linter fixes) (https://github.com/jwt/ruby-jwe/pull/27, https://github.com/jwt/ruby-jwe/pull/28)
data/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # JWE
2
2
 
3
- [![Build Status](https://github.com/jwt/ruby-jwe/workflows/test/badge.svg?branch=master)](https://github.com/jwt/ruby-jwe/actions)
3
+ [![Build Status](https://github.com/jwt/ruby-jwe/actions/workflows/test.yml/badge.svg)](https://github.com/jwt/ruby-jwe/actions/workflows/test.yml)
4
4
  [![Gem Version](https://badge.fury.io/rb/jwe.svg)](https://badge.fury.io/rb/jwe)
5
5
 
6
6
  A ruby implementation of the [RFC 7516 JSON Web Encryption (JWE)](https://tools.ietf.org/html/rfc7516) standard.
@@ -96,7 +96,7 @@ Only a subset of these algorithms is implemented in this gem. Striked elements a
96
96
  Key management:
97
97
  * RSA1_5
98
98
  * RSA-OAEP (default)
99
- * ~~RSA-OAEP-256~~
99
+ * RSA-OAEP-256 (if OpenSSL::VERSION >= '3.0')
100
100
  * A128KW
101
101
  * A192KW
102
102
  * A256KW
data/lib/jwe/alg/rsa_oaep_256.rb ADDED
@@ -0,0 +1,22 @@
1
+ # frozen_string_literal: true
2
+
3
+ module JWE
4
+ module Alg
5
+ # RSA-OAEP-256 key encryption algorithm.
6
+ class RsaOaep256
7
+ attr_accessor :key
8
+
9
+ def initialize(key)
10
+ self.key = key
11
+ end
12
+
13
+ def encrypt(cek)
14
+ key.encrypt(cek, { rsa_padding_mode: 'oaep', rsa_oaep_md: 'sha256' })
15
+ end
16
+
17
+ def decrypt(encrypted_cek)
18
+ key.decrypt(encrypted_cek, { rsa_padding_mode: 'oaep', rsa_oaep_md: 'sha256' })
19
+ end
20
+ end
21
+ end
22
+ end
data/lib/jwe/alg.rb CHANGED
@@ -5,6 +5,7 @@ require 'jwe/alg/a192_kw'
5
5
  require 'jwe/alg/a256_kw'
6
6
  require 'jwe/alg/dir'
7
7
  require 'jwe/alg/rsa_oaep'
8
+ require 'jwe/alg/rsa_oaep_256' if OpenSSL::VERSION >= '3.0'
8
9
  require 'jwe/alg/rsa15'
9
10
 
10
11
  module JWE
data/lib/jwe/enc/aes_cbc_hs.rb CHANGED
@@ -64,11 +64,11 @@ module JWE
64
64
  end
65
65
 
66
66
  def mac_key
67
- cek[0...key_length / 2]
67
+ cek[0...(key_length / 2)]
68
68
  end
69
69
 
70
70
  def enc_key
71
- cek[key_length / 2..-1]
71
+ cek[(key_length / 2)..-1]
72
72
  end
73
73
 
74
74
  def cipher
data/lib/jwe/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module JWE
4
- VERSION = '1.0.0'
4
+ VERSION = '1.1.0'
5
5
  end
data/spec/jwe/alg_spec.rb CHANGED
@@ -55,6 +55,29 @@ describe JWE::Alg::RsaOaep do
55
55
  end
56
56
  end
57
57
 
58
+ if OpenSSL::VERSION >= '3.0'
59
+ describe JWE::Alg::RsaOaep256 do
60
+ let(:alg) { JWE::Alg::RsaOaep256.new(key) }
61
+
62
+ describe '#encrypt' do
63
+ it 'returns an encrypted string' do
64
+ expect(alg.encrypt('random key')).to_not eq 'random key'
65
+ end
66
+ end
67
+
68
+ it 'decrypts the encrypted key to the original key' do
69
+ ciphertext = alg.encrypt('random key')
70
+ expect(alg.decrypt(ciphertext)).to eq 'random key'
71
+ end
72
+ end
73
+ else
74
+ describe JWE::Alg do
75
+ it 'raises an error for rsa-oaep-256 if openssl < 3.0' do
76
+ expect { JWE::Alg.for('rsa-oaep-256') }.to raise_error(JWE::NotImplementedError)
77
+ end
78
+ end
79
+ end
80
+
58
81
  describe JWE::Alg::Rsa15 do
59
82
  let(:alg) { JWE::Alg::Rsa15.new(key) }
60
83
 
metadata CHANGED
@@ -1,14 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwe
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Francesco Boffa
8
- autorequire:
9
8
  bindir: bin
10
9
  cert_chain: []
11
- date: 2025-02-16 00:00:00.000000000 Z
10
+ date: 1980-01-02 00:00:00.000000000 Z
12
11
  dependencies:
13
12
  - !ruby/object:Gem::Dependency
14
13
  name: base64
@@ -50,6 +49,7 @@ files:
50
49
  - lib/jwe/alg/dir.rb
51
50
  - lib/jwe/alg/rsa15.rb
52
51
  - lib/jwe/alg/rsa_oaep.rb
52
+ - lib/jwe/alg/rsa_oaep_256.rb
53
53
  - lib/jwe/base64.rb
54
54
  - lib/jwe/enc.rb
55
55
  - lib/jwe/enc/a128cbc_hs256.rb
@@ -78,9 +78,8 @@ licenses:
78
78
  - MIT
79
79
  metadata:
80
80
  bug_tracker_uri: https://github.com/jwt/ruby-jwe/issues
81
- changelog_uri: https://github.com/jwt/ruby-jwe/blob/v1.0.0/CHANGELOG.md
81
+ changelog_uri: https://github.com/jwt/ruby-jwe/blob/v1.1.0/CHANGELOG.md
82
82
  rubygems_mfa_required: 'true'
83
- post_install_message:
84
83
  rdoc_options: []
85
84
  require_paths:
86
85
  - lib
@@ -95,8 +94,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
95
94
  - !ruby/object:Gem::Version
96
95
  version: '0'
97
96
  requirements: []
98
- rubygems_version: 3.5.11
99
- signing_key:
97
+ rubygems_version: 3.6.7
100
98
  specification_version: 4
101
99
  summary: JSON Web Encryption implementation in Ruby
102
100
  test_files: []