Hi,
Does the Verify JWT policy support the algorithm RSA-OAEP?
I need to decrypt a JWE payload, which is JSON. I had created a topic on the same subject with a different algorithm, which is solved (https://www.googlecloudcommunity.com/gc/Apigee/How-to-verify-Nested-JWT-token/m-p/395924#M69468).
Best Regards, Patty
No, the VerifyJWT policy that is built in to Apigee does not support RSA-OAEP.
Currently, for the RSA family, the built-in policy supports RSA-OAEP-256, but not RSA-OAEP, which is defined as RSA with OAEP using default parameters, including SHA-1 for the hash function.
About 5 years ago, Google announced the first known collision-generation approach for SHA-1. At the time of that announcement, the Google security researchers wrote:
When we released support for JWE in Apigee, during security review, we explicitly decided to not support RSA-OAEP in the built-in function, because of its dependence on SHA-1. We encourage you to use RSA-OAEP-256 if you would like to continue to use RSA algorithms. Or, use an elliptic curve algorithm for better efficiency.
If you MUST use RSA-OAEP, then you can use this Java callout.
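The following is an added example, not part of the answer above and not Apigee code: a pre-flight check that reads the protected header of a compact JWE without decrypting it and reports whether the `alg` is RSA-OAEP-256 or the SHA-1 based RSA-OAEP. The function names, the allowlist and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json

# Key-management algorithms this example accepts. RSA-OAEP (SHA-1 based) is
# deliberately absent, mirroring the built-in policy's choice described above.
ALLOWED_ALGS = {"RSA-OAEP-256"}  # assumption: extend per your own policy


def _b64url_decode(segment: str) -> bytes:
    # Compact JWE uses unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_jwe(token: str) -> dict:
    """Read the protected header of a compact JWE without decrypting it."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError("not a compact JWE: expected 5 dot-separated parts")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("protected header is not base64url JSON") from exc
    if not isinstance(header, dict):
        raise ValueError("protected header must be a JSON object")
    alg = header.get("alg")
    accepted = isinstance(alg, str) and alg in ALLOWED_ALGS
    return {"alg": alg, "enc": header.get("enc"), "accepted": accepted}


def _constructed_token(alg: str) -> str:
    # Constructed sample: a real header, dummy bytes for the other four parts.
    def enc(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    header = json.dumps({"alg": alg, "enc": "A256GCM"}).encode()
    return ".".join([enc(header), enc(b"key"), enc(b"iv"), enc(b"ct"), enc(b"tag")])


if __name__ == "__main__":
    for name in ("RSA-OAEP", "RSA-OAEP-256"):
        print(inspect_jwe(_constructed_token(name)))
```

Running such a check over incoming tokens before migration shows which senders still produce RSA-OAEP and would be rejected by the built-in policy.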
Thank you, Dino. We are moving out of RSA-OAEP. Thank you for your insight.