node-jose - npm Package Compare versions

Comparing version 0.9.4 to 0.9.5

CHANGELOG.md

		# Release Notes

		<a name="0.9.5"></a>
		## [0.9.5](https://github.com/cisco/node-jose/compare/0.9.4...0.9.5) (2017-08-07)

		### Update

		* prevent embedding 'oct' keys in JWS objects ([9e0c4dd81315306dc3e857142c84d69fba5c9519](https://github.com/cisco/node-jose/commit/9e0c4dd81315306dc3e857142c84d69fba5c9519))

		### Fix

		* coerce "kid" during lookup ([bbe4d739e04e2b8a9e49c1e9235fc057dc952364](https://github.com/cisco/node-jose/commit/bbe4d739e04e2b8a9e49c1e9235fc057dc952364)), closes [#109](https://github.com/cisco/node-jose/issues/109)
		* regression errors with Safari ([7d8070cba5891506e0b5e978948ef9d1ba98a81f](https://github.com/cisco/node-jose/commit/7d8070cba5891506e0b5e978948ef9d1ba98a81f)), closes [#123](https://github.com/cisco/node-jose/issues/123) [#125](https://github.com/cisco/node-jose/issues/125)

		### Doc

		* Add key hints and status badges to README ([57916db0133d5ee97c5a34f32b80a46b6d63cb3a](https://github.com/cisco/node-jose/commit/57916db0133d5ee97c5a34f32b80a46b6d63cb3a))

		### Build

		* bundle package-lock.json for devel ([3491d882b68270091ced996728b669a1c10086ef](https://github.com/cisco/node-jose/commit/3491d882b68270091ced996728b669a1c10086ef))
		* support node-v8 in travis ([60ba1e7312423ab3d1dee1f3f53c997f5b6f0d34](https://github.com/cisco/node-jose/commit/60ba1e7312423ab3d1dee1f3f53c997f5b6f0d34))


		<a name="0.9.4"></a>
		@@ -11,4 +33,9 @@ ## [0.9.4](https://github.com/cisco/node-jose/compare/0.9.3...0.9.4) (2017-04-13)
		* use npm-published base64url implementation ([c6b30c91502ffef9b9d3addc8bdb1b8b0cc36e69](https://github.com/cisco/node-jose/commit/c6b30c91502ffef9b9d3addc8bdb1b8b0cc36e69)), closes [#96](https://github.com/cisco/node-jose/issues/96)
		* use npm-published node-forge implementation ([0f4e0ab57839eaf6dd40c46be511afe3aec9ca44](https://github.com/cisco/node-jose/commit/0f4e0ab57839eaf6dd40c46be511afe3aec9ca44)), closes [#96](https://github.com/cisco/node-jose/issues/96) * Use WebCrypto API for PBKDF2 ([5e5b9d376f334fa50bb69331e3065e2011c8e9c7](https://github.com/cisco/node-jose/commit/5e5b9d376f334fa50bb69331e3065e2011c8e9c7))
		* use npm-published node-forge implementation ([0f4e0ab57839eaf6dd40c46be511afe3aec9ca44](https://github.com/cisco/node-jose/commit/0f4e0ab57839eaf6dd40c46be511afe3aec9ca44)), closes [#96](https://github.com/cisco/node-jose/issues/96)
		* Use WebCrypto API for PBKDF2 ([5e5b9d376f334fa50bb69331e3065e2011c8e9c7](https://github.com/cisco/node-jose/commit/5e5b9d376f334fa50bb69331e3065e2011c8e9c7))

		### Doc

		* Fix wrong links to JWA and JWK specifications ([538829dd4af480989422efec20a2c60f809d8d5c](https://github.com/cisco/node-jose/commit/538829dd4af480989422efec20a2c60f809d8d5c)), closes [#102](https://github.com/cisco/node-jose/issues/102)

		### Build
		@@ -21,6 +48,3 @@

		### Doc

		* Fix wrong links to JWA and JWK specifications ([538829dd4af480989422efec20a2c60f809d8d5c](https://github.com/cisco/node-jose/commit/538829dd4af480989422efec20a2c60f809d8d5c)), closes [#102](https://github.com/cisco/node-jose/issues/102)

		<a name="0.9.3"></a>
		@@ -27,0 +51,0 @@ ## [0.9.3](https://github.com/cisco/node-jose/compare/0.9.2...v0.9.3) (2017-02-20)

lib/algorithms/helpers.js

		@@ -42,5 +42,2 @@ /*!
		}
		if ("undefined" !== typeof crypto.webkitSubtle) {
		return crypto.webkitSubtle;
		}
		}
		@@ -47,0 +44,0 @@

lib/jwe/encrypt.js

		@@ -604,2 +604,5 @@ /*!
		if ("jwk" === ref) {
		if ("oct" === key.kty) {
		return Promise.reject(new Error("cannot embed key"));
		}
		header.jwk = jwk;
		@@ -606,0 +609,0 @@ } else if (ref in jwk) {

lib/jwk/keystore.js

		@@ -398,2 +398,7 @@ /*!

		// workaround for issues/109
		if (props.kid !== undefined && props.kid !== null && typeof props.kid !== "string") {
		props.kid = String(props.kid);
		}

		var candidates = [];
		@@ -480,2 +485,7 @@ var matches = function(key) {

		// workaround for issues/109
		if (props.kid !== undefined && props.kid !== null && typeof props.kid !== "string") {
		props.kid = String(props.kid);
		}

		var candidates = this.all(props, true);
		@@ -482,0 +492,0 @@ if (!candidates.length && parent && !local) {

lib/jws/sign.js

		@@ -327,2 +327,5 @@ /*!
		if ("jwk" === ref) {
		if ("oct" === key.kty) {
		return Promise.reject(new Error("cannot embed key"));
		}
		header.jwk = jwk;
		@@ -329,0 +332,0 @@ } else if (ref in jwk) {

package.json

		{
		"name": "node-jose",
		"version": "0.9.4",
		"version": "0.9.5",
		"description": "A JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers",
		@@ -47,5 +47,5 @@ "main": "lib/index.js",
		"browserify-istanbul": "^2.0.0",
		"chai": "^3.5.0",
		"chai": "^4.0.1",
		"conventional-changelog": "^1.1.0",
		"del": "^2.2.0",
		"del": "^3.0.0",
		"gulp": "^3.8.10",
		@@ -56,3 +56,3 @@ "gulp-eslint": "^3.0.1",
		"gulp-rename": "^1.2.0",
		"gulp-uglify": "^2.0.1",
		"gulp-uglify": "^3.0.0",
		"gulp-util": "^3.0.7",
		@@ -77,7 +77,7 @@ "istanbul": "^0.4.0",
		"mocha": "^3.2.0",
		"run-sequence": "^1.0.2",
		"run-sequence": "^2.0.0",
		"watchify": "^3.7.0",
		"webpack": "^2.2.1",
		"webpack-stream": "^3.2.0",
		"yargs": "^7.0.1"
		"webpack": "^3.0.0",
		"webpack-stream": "^4.0.0",
		"yargs": "^8.0.1"
		},
		@@ -84,0 +84,0 @@ "browser": {

README.md

		# node-jose #

		[![Greenkeeper badge](https://badges.greenkeeper.io/cisco/node-jose.svg)](https://greenkeeper.io/)
		[![Build Status](https://travis-ci.org/cisco/node-jose.svg?branch=master)](https://travis-ci.org/cisco/node-jose)

		@@ -22,7 +23,11 @@ A JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. This library implements (wherever possible) all algorithms, formats, and options in [JWS](https://tools.ietf.org/html/rfc7515 "Jones, M., J. Bradley and N. Sakimura, 'JSON Web Signature (JWS)' RFC 7515, May 2015"), [JWE](https://tools.ietf.org/html/rfc7516 "Jones, M. and J. Hildebrand 'JSON Web Encryption (JWE)', RFC 7516, May 2015"), [JWK](https://tools.ietf.org/html/rfc7517 "Jones, M., 'JSON Web Key (JWK)', RFC 7517, May 2015"), and [JWA](https://tools.ietf.org/html/rfc7518 "Jones, M., 'JSON Web Algorithms (JWA)', RFC 7518, May 2015") and uses native cryptographic support ([WebCrypto API](http://www.w3.org/TR/WebCryptoAPI/) or node.js' "[crypto](https://nodejs.org/api/crypto.html)" module) where feasible.
		- [Signatures](#signatures)
		- [Keys Used for Signing and Verifying](#keys-used-for-signing-and-verifying)
		- [Signing Content](#signing-content)
		- [Verifying a JWS](#verifying-a-jws)
		- [Handling `crit` Header Members](#handling-crit-header-members)
		- [Encryption](#encryption)
		- [Keys Used for Encrypting and Decrypting](#keys-used-for-encrypting-and-decrypting)
		- [Encrypting Content](#encrypting-content)
		- [Decrypting a JWE](#decrypting-a-jwe)
		- [Handling `crit` Header Members](#handling-crit-header-members-1)
		- [Useful Utilities](#useful-utilities)
		@@ -52,3 +57,3 @@ - [Converting to Buffer](#converting-to-buffer)
		```
		npm install git+ssh://git@github.com:cisco/node-jose.git
		npm install git+https://github.com/cisco/node-jose.git
		```
		@@ -230,3 +235,3 @@
		```
		kestyore.remove(key);
		keystore.remove(key);
		// NOTE: key.keystore does not change!!
		@@ -299,2 +304,15 @@ ```

		### Keys Used for Signing and Verifying ###

		When signing content, the key is expected to meet one of the following:

		1. A secret key (e.g, `"kty":"oct"`)
		2. The private key from a PKI (`"kty":"EC"` or `"kty":"RSA"`) key pair

		When verifying content, the key is expected to meet one of the following:

		1. A secret key (e.g, `"kty":"oct"`)
		2. The public key from a PKI (`"kty":"EC"` or `"kty":"RSA"`) key pair


		### Signing Content ###
		@@ -425,3 +443,3 @@

		* `Boolean`: accepts (if `true`) -- or rejects (if `false`) -- the JWS if the member is present.
		* `Boolean`: accepts (if `true`) -- or rejects (if `false`) -- the JWS if the member is present.
		* `Function`: takes the JWE decrypt output (just prior to decrypting) and returns a Promise for the processing of the member.
		@@ -490,2 +508,16 @@ * `Object`: An object with the following `Function` members:


		### Keys Used for Encrypting and Decrypting ###

		When encrypting content, the key is expected to meet one of the following:

		1. A secret key (e.g, `"kty":"oct"`)
		2. The public key from a PKI (`"kty":"EC"` or `"kty":"RSA"`) key pair

		When decrypting content, the key is expected to meet one of the following:

		1. A secret key (e.g, `"kty":"oct"`)
		2. The private key from a PKI (`"kty":"EC"` or `"kty":"RSA"`) key pair


		### Encrypting Content ###
		@@ -573,3 +605,3 @@
		// * header: the combined 'protected' and 'unprotected' header members
		// * protected: an array of the member names from the "protected" member
		// * protected: an array of the member names from the "protected" member
		// * key: Key used to decrypt
		@@ -595,3 +627,3 @@ // * payload: Buffer of the decrypted content

		* `Boolean`: accepts (if `true`) -- or rejects (if `false`) -- the JWE if the member is present.
		* `Boolean`: accepts (if `true`) -- or rejects (if `false`) -- the JWE if the member is present.
		* `Function`: takes the JWE decrypt output (just prior to decrypting) and returns a Promise for the processing of the member.
		@@ -598,0 +630,0 @@ * `Object`: An object with the following `Function` members:

.travis.yml

node-jose - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics