
Support for Key Agreement using ECDH-ES


Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: Java 3.0.4, Java 4.0.2

Description

Hi,

We are using CXF 3.2.6 and WS-Security for encryption.

We would like to use ECDH-ES for the Key Agreement. We did an investigation to check if CXF/WSS4J supports it and the result was negative. We could only find references to ECDH in the Jose module.

Would it be possible to confirm the result of our investigation?

If indeed it's not yet supported, would it be possible to give us some hints on how to support it?

Please find below an example of the <ds:KeyInfo> section (extracted from https://www.w3.org/TR/xmlenc-core1/#sec-ECDH-ES) using ECDH-ES for the Key Agreement.

<ds:KeyInfo>
  <xenc:EncryptedKey>
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
    <!-- describes the key encryption key -->
    <ds:KeyInfo>
      <xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES">
        <xenc11:KeyDerivationMethod Algorithm="http://www.w3.org/2009/xmlenc11#ConcatKDF">
          <xenc11:ConcatKDFParams AlgorithmID="00" PartyUInfo="" PartyVInfo="">
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
          </xenc11:ConcatKDFParams>
        </xenc11:KeyDerivationMethod>
        <xenc:OriginatorKeyInfo>
          <ds:KeyValue>
            <dsig11:ECKeyValue>
              <!-- ephemeral ECC public key of the originator -->
            </dsig11:ECKeyValue>
          </ds:KeyValue>
        </xenc:OriginatorKeyInfo>
        <xenc:RecipientKeyInfo>
          <ds:X509Data>
            <ds:X509SKI></ds:X509SKI>
            <!-- hint for the recipient's private key -->
          </ds:X509Data>
        </xenc:RecipientKeyInfo>
      </xenc:AgreementMethod>
    </ds:KeyInfo>
    <xenc:CipherData>
      <xenc:CipherValue><!-- encrypted AES content encryption key --></xenc:CipherValue>
    </xenc:CipherData>
  </xenc:EncryptedKey>
</ds:KeyInfo>
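The KeyInfo above describes a three-step key-management scheme: an ECDH shared secret between the originator's ephemeral key (OriginatorKeyInfo) and the recipient's static key (RecipientKeyInfo), a ConcatKDF run over that secret with the AlgorithmID/PartyUInfo/PartyVInfo parameters to derive a key-encryption key, and an AES key wrap (kw-aes128) of the content-encryption key carried in CipherValue. The following Java program is an added example of that flow using only the JDK's own providers; it is not code from the issue reporter or from Santuario/WSS4J, and it does not produce or parse the XML. The class and method names are mine, the hex attribute values are constructed sample values, and the decoding of the ConcatKDFParams attributes (first octet = number of padding bits in the last octet, remaining octets = the bit string) is my reading of XML Encryption 1.1 section 5.4.1 and should be checked against the spec before relying on it.

```java
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.SecretKeySpec;

public class EcdhEsKeyWrapDemo {

    // Values as they would appear in the ConcatKDFParams attributes (hexBinary).
    // Constructed for this demo; "00" is the empty bit string with zero padding bits.
    static final String ALGORITHM_ID = "00";
    static final String PARTY_U_INFO = "00";
    static final String PARTY_V_INFO = "00";

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    // Assumption (my reading of XML Encryption 1.1 section 5.4.1): the first octet of each
    // attribute is the number of padding bits in the last octet; the rest is the bit string
    // that goes into OtherInfo. An empty attribute contributes nothing.
    static byte[] kdfAttr(String hexValue) {
        if (hexValue.isEmpty()) {
            return new byte[0];
        }
        byte[] raw = hex(hexValue);
        return Arrays.copyOfRange(raw, 1, raw.length);
    }

    // OtherInfo for the XML Encryption 1.1 ConcatKDF: AlgorithmID || PartyUInfo || PartyVInfo.
    static byte[] otherInfo() {
        byte[] a = kdfAttr(ALGORITHM_ID), u = kdfAttr(PARTY_U_INFO), v = kdfAttr(PARTY_V_INFO);
        return ByteBuffer.allocate(a.length + u.length + v.length).put(a).put(u).put(v).array();
    }

    // NIST SP 800-56A Concatenation KDF: K = H(counter || Z || OtherInfo) for counter = 1, 2, ...
    // with a 32-bit big-endian counter, concatenated and truncated to keyLen bytes.
    static byte[] concatKdf(String digestAlg, byte[] z, byte[] otherInfo, int keyLen)
            throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance(digestAlg);
        int blocks = (keyLen + md.getDigestLength() - 1) / md.getDigestLength();
        ByteBuffer out = ByteBuffer.allocate(blocks * md.getDigestLength());
        for (int counter = 1; out.position() < keyLen; counter++) {
            md.reset();
            md.update(ByteBuffer.allocate(4).putInt(counter).array());
            md.update(z);
            md.update(otherInfo);
            out.put(md.digest());
        }
        return Arrays.copyOf(out.array(), keyLen);
    }

    // Raw ECDH shared secret Z between our private key and the peer's public key.
    static byte[] ecdhSecret(PrivateKey mine, PublicKey theirs) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(mine);
        ka.doPhase(theirs, true);
        return ka.generateSecret();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));

        // Recipient's static key pair: its certificate is what RecipientKeyInfo/X509SKI hints at.
        KeyPair recipient = kpg.generateKeyPair();
        // Originator's ephemeral key pair: its public half goes into OriginatorKeyInfo/ECKeyValue.
        KeyPair ephemeral = kpg.generateKeyPair();

        // Content-encryption key that EncryptedKey/CipherValue carries in wrapped form.
        byte[] cek = new byte[16];
        new SecureRandom().nextBytes(cek);

        // Originator: Z -> ConcatKDF(SHA-256) -> 128-bit KEK -> kw-aes128 wrap of the CEK.
        byte[] kek1 = concatKdf("SHA-256",
                ecdhSecret(ephemeral.getPrivate(), recipient.getPublic()), otherInfo(), 16);
        Cipher wrap = Cipher.getInstance("AESWrap");
        wrap.init(Cipher.WRAP_MODE, new SecretKeySpec(kek1, "AES"));
        byte[] wrappedCek = wrap.wrap(new SecretKeySpec(cek, "AES"));

        // Recipient: same derivation from its static private key and the ephemeral public key.
        byte[] kek2 = concatKdf("SHA-256",
                ecdhSecret(recipient.getPrivate(), ephemeral.getPublic()), otherInfo(), 16);
        Cipher unwrap = Cipher.getInstance("AESWrap");
        unwrap.init(Cipher.UNWRAP_MODE, new SecretKeySpec(kek2, "AES"));
        byte[] recovered = unwrap.unwrap(wrappedCek, "AES", Cipher.SECRET_KEY).getEncoded();

        System.out.println("KEKs match:    " + Arrays.equals(kek1, kek2));
        System.out.println("CEK recovered: " + Arrays.equals(cek, recovered));
    }
}
```

The ephemeral private key is discarded after the wrap, so a later compromise of the recipient's static key is the only way to recover the KEK; anything that verifies such a message must also bind the ephemeral public key it reads from OriginatorKeyInfo into the same KDF inputs, otherwise the two sides derive different KEKs and the unwrap fails.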

People

Assignee: Unassigned
Reporter: Cosmin Baciu (baciucosmin)
Votes: 0
Watchers: 10