Skip to content

Commit

Permalink
Remove emoji to fix the broken documentation link (#632)
Browse files Browse the repository at this point in the history
Co-authored-by: Jim Anderson <[email protected]>
  • Loading branch information
edigaryev and jimmyjames authored Oct 25, 2022
1 parent 3cff66f commit 4c2533d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -187,7 +187,7 @@ Algorithm algorithmRS = Algorithm.RSA256(publicKey, privateKey);

> Note: How you obtain or read keys is not in the scope of this library. For an example of how you might implement this, see [this gist](https://gist.github.com/lbalmaceda/9a0c7890c2965826c04119dcfb1a5469).
##### :key: HMAC Key Length and Security
##### HMAC Key Length and Security

When using a Hash-based Message Authentication Code, e.g. HS256 or HS512, in order to comply with the strict requirements of the JSON Web Algorithms (JWA) specification (RFC7518), you **must** use a secret key which has the same (or larger) bit length as the size of the output hash. This is to avoid weakening the security strength of the authentication code (see NIST recommendations NIST SP 800-117). For example, when using HMAC256, the secret key length must be a minimum of 256 bits.

Expand Down

0 comments on commit 4c2533d

Please sign in to comment.