[Openid-specs-ab] Question about at_hash with EdDSA
bcampbell at pingidentity.com
Tue Jun 2 21:24:44 UTC 2020
Not sure it's well-trodden exactly but
has some treatment of the subject.
On Tue, Jun 2, 2020 at 3:09 PM Justin Richer via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
> I haven’t been able to find a clean answer for this, but apologies if this
> is well-trodden already.
> The ODIC spec defines at_hash (and c_hash and others) as using "the hash
> algorithm used is the hash algorithm used in the alg Header Parameter of
> the ID Token's JOSE Header”. This is clear enough for things like RS256 and
> the like.
> However, the definition of the “EdDSA” JOSE algorithm in RFC8037 (
> https://tools.ietf.org/html/rfc8037) does not define a hash algorithm in
> the same way. Edwards signatures as defined in RFC8032 (
> https://tools.ietf.org/html/rfc8032) seem to internally use SHA-512, but
> I’m not positive that’s every time or just in the case where you do the
> pre-hashing calculation. Regardless, the JOSE spec is silent on the matter.
> So the question is: which hash algorithm do we use for an “EdDSA” signed
> token when calculating at_hash and its ilk?
> — Justin
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately
by e-mail and delete the message and any file attachments from your
computer. Thank you._
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab