CXF / CXF-8177

JWE API does not support ECDH Direct Encryption/Decryption


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.3.4
    • Fix Version/s: 3.3.5, 3.4.0
    • Component/s: JAX-RS Security
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      Although the Apache CXF implementation of JWE supports ECDH Direct encryption/decryption, the API is not sufficiently open for it.

      A few problems:

      • KeyAlgorithm.getAlgorithm(String) does not support parsing ECDH
      • EcdhDirectKeyDecryptionAlgorithm is a private inner class so cannot be used from the client view perspective (different approach for different algorithms, why?)
      • EcdhDirectKeyJweDecryption makes an assumption that AES GCM is used without verifying (could be AES CBC as well)
      • JweUtils.getPrivateKeyDecryptionProvider(PrivateKey,KeyAlgorithm) makes an assumption that AESWrap is used in case of an EC Key without verifying the KeyAlgorithm (could be Direct as well)

      The API should support proper handling of key algorithm between client and library and should verify what is given as input to decide which key and content decrypters to use.


              People

              • Assignee:
                coheigea Colm O hEigeartaigh
                Reporter:
                frelib Frederik Libert
              • Votes:
                0
                Watchers:
                1

                  Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged: 20m
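The check the description asks for, as an added example that is not CXF code and not part of the original issue: with an EC private key, the JWE header's `alg` decides between direct key agreement and AES Key Wrap, and `enc` decides between AES GCM and AES CBC-HMAC, per RFC 7518. The function names `select_ec_decryption` and `sample_jwe` are hypothetical, and the sample tokens are constructed placeholders, not real ciphertexts.

```python
import base64
import json

# JWE "enc" values (RFC 7518 section 5.1) and the CEK size in bits each needs.
ENC_CEK_BITS = {
    "A128GCM": 128, "A192GCM": 192, "A256GCM": 256,
    "A128CBC-HS256": 256, "A192CBC-HS384": 384, "A256CBC-HS512": 512,
}
# ECDH-ES variants that wrap a random CEK with AES Key Wrap (RFC 7518 section 4.6).
ECDH_KEY_WRAP = {"ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def select_ec_decryption(compact_jwe: str) -> dict:
    """Pick key and content handling for an EC private key from the JWE header."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise ValueError("compact JWE must have five parts")
    raw = parts[0] + "=" * (-len(parts[0]) % 4)
    header = json.loads(base64.urlsafe_b64decode(raw))
    alg, enc = header.get("alg"), header.get("enc")
    if enc not in ENC_CEK_BITS:
        raise ValueError(f"unsupported enc: {enc!r}")
    if "epk" not in header:
        raise ValueError("ECDH-ES requires an epk header")
    content = "AES-GCM" if enc.endswith("GCM") else "AES-CBC-HMAC"
    if alg == "ECDH-ES":
        # Direct key agreement: the Concat KDF output is the CEK itself,
        # so the encrypted-key part must be empty and the KDF AlgorithmID is enc.
        if parts[1]:
            raise ValueError("ECDH-ES direct must carry an empty encrypted key")
        return {"key_mode": "direct", "kdf_alg_id": enc,
                "derived_bits": ENC_CEK_BITS[enc], "content": content}
    if alg in ECDH_KEY_WRAP:
        if not parts[1]:
            raise ValueError("key wrap mode needs an encrypted key")
        # The KDF output is an AES Key Wrap key sized by alg, not by enc.
        return {"key_mode": "aes-key-wrap", "kdf_alg_id": alg,
                "derived_bits": int(alg[-5:-2]), "content": content}
    raise ValueError(f"alg {alg!r} is not usable with an EC private key")


def sample_jwe(alg: str, enc: str, encrypted_key: bytes = b"") -> str:
    """Constructed sample: placeholder epk, IV, ciphertext and tag (not real crypto)."""
    header = {"alg": alg, "enc": enc, "epk": {"kty": "EC", "crv": "P-256"}}
    parts = [json.dumps(header).encode(), encrypted_key, b"iv", b"ct", b"tag"]
    return ".".join(b64url(p) for p in parts)
```
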