Fixes and improvements
- Add new
VerifyMultifunction to verify multi-signature JWS objects. The existingVerifyfunction has been changed to only accept single-signature objects. This ensures that callers do not accidentally accept multi-signature objects in contexts where they are not expected (#111, 2c5656a). - Add new
DecryptMultifunction to decrypt multi-recipient JWE messages. The existingDecryptfunction has been changed to only accept single-recipient messages. This ensures callers do not accidentally accept multi-recipient messages in contexts where they are not expected (#111, 2c5656a). - Add checks when deserializing JWS objects to ensure that any embedded JWK (if present) is valid and represents a public key (not private/symmetric key) as per spec. This is to ensure that callers don't accidentally end up accepting embedded JWKs that represent symmetric/private keys (#112, e8e21a9).
Note that this represents a subtle API change, as the Decrypt and Verify functions are now stricter than before and only accept single-signature/single-recipient inputs. To reflect this change, the minor version has been bumped.