Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8185

Generated Ephemeral Public Key missing in JWE Headers when Json Serialization is used

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.3.4
    • Fix Version/s: 3.3.5
    • Component/s: JAX-RS Security
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      When using Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES), the
      JWA Specification says that an Ephemeral Public Key MUST be set as "epk" Header Parameter (
      https://tools.ietf.org/html/rfc7518#page-16).
      The key is generated during the encryption process.
      However, it is only added to the jwe output when using compact serialization.
      When using Json serialization, the header gets lost somewhere along the way.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                coheigea Colm O hEigeartaigh
                Reporter:
                frelib Frederik Libert
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m