[CXF-8185] Generated Ephemeral Public Key missing in JWE Headers when Json Serialization is used - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 3.3.4
Fix Version/s: 3.3.5
Component/s: JAX-RS Security
Labels:
None

Estimated Complexity:
Unknown

Description

When using Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES), the
JWA Specification says that an Ephemeral Public Key MUST be set as "epk" Header Parameter (
https://tools.ietf.org/html/rfc7518#page-16).
The key is generated during the encryption process.
However, it is only added to the jwe output when using compact serialization.
When using Json serialization, the header gets lost somewhere along the way.

Attachments

Issue Links

relates to

CXF-8178 ECDH KeyAgreement with Key Wrapping is not in line with the specification

Closed

CXF-8177 JWE API does not support ECDH Direct Encryption/Decryption

Closed

links to

GitHub Pull Request #617

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Frederik Libert

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 19/Dec/19 23:22

Updated:: 15/Jan/20 10:23

Resolved:: 03/Jan/20 15:51

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m