bug: detached jws encoding error

[OR13]

Describe the bug
The way utf-8 encoding is applied to detached jws causes incompatibility issues.

To Reproduce

transmute-industries/json-ld-sig-detached-jws#1

Steps to reproduce the behaviour:

1. Try to sign with b64: false some arbitrary binary
2. observe the jws that is produced does not match expectations for b64 false
3. base64url decode assumes utf8 encoded characters

Expected behaviour
base64url decode applied to the payload should not assume utf8.

Environment:
"@panva/jose": "^1.9.3",
"jose": "^1.16.0",

• node version: v12.0.0

Additional context

• [X ] i have searched the issues tracker on github for similar issues and couldn't find anything related.

[OR13]

Also, @panva Thank you for this library! I used it to test interoperability with browser JWS implementations using secp256k1 / ed25519. I have some JSON-LD signature suites that I need to update to support the features of jsonld-signatures, which is the main reason I came across this issue, and these JWS use b64: false detached jws.

[panva]

https://github.com/panva/jose/blob/master/docs/README.md#jwsverifyjws-keyorstore-options

i think you should be providing parse:false to just get a buffer back if you’re working with b64:false and arbitrary buffers

[panva]

But please provide a code snippet so that i don’t have to guess what you’re doing.

[OR13]

Sorry, I should have provided a more minimal example, I will do so.

[OR13]

https://gist.github.com/OR13/862380ac861ee2d937df2653c22ea44a

git clone git@gist.github.com:/862380ac861ee2d937df2653c22ea44a.git;
cd 862380ac861ee2d937df2653c22ea44a;
npm i
npm run test

> node test

sig1 eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..AEQgdpSMul2vr7nrC1XV9fpGu2T0KcqXQU3z--ihVGroqgDOiqvBBgrekYGHASnFztCApP82t8fipxrEGsI1Dg
sig2 eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..AEQgdpSMul2vr7nrC1XV9fpGu2T0KcqXQU3z--ihVGroqgDOiqvBBgrekYGHASnFztCApP82t8fipxrEGsI1Dg
signatures match!
sig1 eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..C2uzr4SqieLvJRg7z7CnfERM_iyN4l-QD2JlJvZwWE6A7vlxzKbjhmIQgJzHq2pXsx1vUn64e-70soFzKLCaAg
sig2 eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Tljsa5HYvhUuYbMhRZTxfOAZf0Hd6e_ovYqKcpfCClX7WsvKjk_FoWECj7ifJ1sU4r8mecyoFtVzPxr7fjsFDQ
Error: signatures do not match

This gist was modified from the comment on the original issue:

transmute-industries/json-ld-sig-detached-jws#1 (comment)

[panva]

Thank you, i can work with this.

[panva]

can you take a look at daabedc?

[OR13]

Thanks, I retested, and your fix appears to have resolved this issue.