Cosmin Baciu created CXF-8126:
---------------------------------
Summary: Support for Key Agreement using ECDH-ES
Key: CXF-8126
URL: https://issues.apache.org/jira/browse/CXF-8126
Project: CXF
Issue Type: New Feature
Components: JAX-WS Runtime
Affects Versions: 3.2.6
Reporter: Cosmin Baciu
Hi,
We are using CXF 3.2.6 and WS-Security for encryption.
We would like to use ECDH-ES for the Key Agreement. We did an investigation to
check if CXF/WSS4J supports it and the result was negative. We could only find
references to ECDH in the Jose module.
Would it be possible to confirm the result of our investigation?
If indeed it's not yet supported, would it be possible to give us some hints on
how to support it?
Please find below an example of the <ds:KeyInfo> section (extracted from
[https://www.w3.org/TR/xmlenc-core1/#sec-ECDH-ES]) using ECDH-ES for the Key
Agreement.
<ds:KeyInfo>
  <xenc:EncryptedKey>
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
    <!-- describes the key encryption key -->
    <ds:KeyInfo>
      <xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES">
        <xenc11:KeyDerivationMethod Algorithm="http://www.w3.org/2009/xmlenc11#ConcatKDF">
          <xenc11:ConcatKDFParams AlgorithmID="00" PartyUInfo="" PartyVInfo="">
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
          </xenc11:ConcatKDFParams>
        </xenc11:KeyDerivationMethod>
        <xenc:OriginatorKeyInfo>
          <ds:KeyValue>
            <dsig11:ECKeyValue>
              <!-- ephemeral ECC public key of the originator -->
            </dsig11:ECKeyValue>
          </ds:KeyValue>
        </xenc:OriginatorKeyInfo>
        <xenc:RecipientKeyInfo>
          <ds:X509Data>
            <ds:X509SKI></ds:X509SKI>
            <!-- hint for the recipient's private key -->
          </ds:X509Data>
        </xenc:RecipientKeyInfo>
      </xenc:AgreementMethod>
    </ds:KeyInfo>
    <xenc:CipherData>
      <xenc:CipherValue>
        <!-- encrypted AES content encryption key -->
      </xenc:CipherValue>
    </xenc:CipherData>
  </xenc:EncryptedKey>
</ds:KeyInfo>