[ 
https://issues.apache.org/jira/browse/CXF-8126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Cosmin Baciu updated CXF-8126:
------------------------------
    Description: 
Hi,

We are using CXF 3.2.6 and WS-Security for encryption.

We would like to use ECDH-ES for the Key Agreement. We did an investigation to 
check if CXF/WSS4J supports it and the result was negative. We could only find 
references to ECDH in the Jose module.

Would it be possible to confirm the result of our investigation?

If indeed it's not yet supported would it be possible to give us some hints how 
to support it? 

Please find below an example of the <ds:KeyInfo> section (extracted from 
[https://www.w3.org/TR/xmlenc-core1/#sec-ECDH-ES]) using ECDH-ES for the Key 
Agreement.

 
{code:java}
<ds:KeyInfo>
  <xenc:EncryptedKey>
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
    <!-- describes the key encryption key -->
    <ds:KeyInfo>
      <xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES">
        <xenc11:KeyDerivationMethod Algorithm="http://www.w3.org/2009/xmlenc11#ConcatKDF">
          <xenc11:ConcatKDFParams AlgorithmID="00" PartyUInfo="" PartyVInfo="">
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
          </xenc11:ConcatKDFParams>
        </xenc11:KeyDerivationMethod>
        <xenc:OriginatorKeyInfo>
          <ds:KeyValue>
            <dsig11:ECKeyValue>
              <!-- ephemeral ECC public key of the originator -->
            </dsig11:ECKeyValue>
          </ds:KeyValue>
        </xenc:OriginatorKeyInfo>
        <xenc:RecipientKeyInfo>
          <ds:X509Data>
            <ds:X509SKI></ds:X509SKI>
            <!-- hint for the recipient's private key -->
          </ds:X509Data>
        </xenc:RecipientKeyInfo>
      </xenc:AgreementMethod>
    </ds:KeyInfo>
    <xenc:CipherData>
      <xenc:CipherValue><!-- encrypted AES content encryption key --></xenc:CipherValue>
    </xenc:CipherData>
  </xenc:EncryptedKey>
</ds:KeyInfo>
{code}

  was:
Hi,

We are using CXF 3.2.6 and WS-Security for encryption.

We would like to use ECDH-ES for the Key Agreement. We did an investigation to 
check if CXF/WSS4J supports it and the result was negative. We could only find 
references to ECDH in the Jose module.

Would it be possible to confirm the result of our investigation?

If indeed it's not yet supported would it be possible to give us some hints how 
to support it? 

Please find below an example of the <ds:KeyInfo> section (extracted from 
[https://www.w3.org/TR/xmlenc-core1/#sec-ECDH-ES]) using ECDH-ES for the Key 
Agreement.

 
<ds:KeyInfo><xenc:EncryptedKey><xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/><!-- describes the key 
encryption key --><ds:KeyInfo><xenc:AgreementMethod 
Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES"><xenc11:KeyDerivationMethod 
Algorithm="http://www.w3.org/2009/xmlenc11#ConcatKDF"><xenc11:ConcatKDFParams 
AlgorithmID="00" PartyUInfo="" PartyVInfo=""><ds:DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></xenc11:ConcatKDFParams></xenc11:KeyDerivationMethod><xenc:OriginatorKeyInfo><ds:KeyValue><dsig11:ECKeyValue><!--
 ephemeral ECC public key of the originator 
--></dsig11:ECKeyValue></ds:KeyValue></xenc:OriginatorKeyInfo><xenc:RecipientKeyInfo><ds:X509Data><ds:X509SKI></ds:X509SKI><!--
 hint for the recipient's private key 
--></ds:X509Data></xenc:RecipientKeyInfo></xenc:AgreementMethod></ds:KeyInfo><xenc:CipherData><xenc:CipherValue><!--
 encrypted AES content encryption key 
--></xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo>


> Support for Key Agreement using ECDH-ES
> ---------------------------------------
>
>                 Key: CXF-8126
>                 URL: https://issues.apache.org/jira/browse/CXF-8126
>             Project: CXF
>          Issue Type: New Feature
>          Components: WS-* Components
>    Affects Versions: 3.2.6
>            Reporter: Cosmin Baciu
>            Priority: Major
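
The computation that the <ds:KeyInfo> above describes, as an added example using only standard JCA classes (it is not code from CXF, WSS4J or the reporter): the originator derives a key-encryption key with ECDH-ES and ConcatKDF/SHA-256 and wraps the content key with AES-128 key wrap, and the recipient repeats the derivation to unwrap it. The class name, the secp256r1 curve, the freshly generated key pairs and the empty OtherInfo are assumptions made for the demo.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;

// Added illustration, not CXF/WSS4J code. Class name, curve and keys are assumptions.
public class EcdhEsKeyWrapDemo {
    // ConcatKDF (NIST SP 800-56A): K = H(1 || Z || OtherInfo) || H(2 || Z || OtherInfo) ...
    static byte[] concatKdf(byte[] z, byte[] otherInfo, int keyLen) throws Exception {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256"); // the ds:DigestMethod
        ByteBuffer out = ByteBuffer.allocate(keyLen);
        for (int counter = 1; out.hasRemaining(); counter++) {
            sha256.update(ByteBuffer.allocate(4).putInt(counter).array()); // 32-bit big-endian
            sha256.update(z);
            byte[] block = sha256.digest(otherInfo); // final update, then digest and reset
            out.put(block, 0, Math.min(block.length, out.remaining()));
        }
        return out.array();
    }

    // ECDH shared secret Z -> 128-bit key-encryption key for kw-aes128.
    static SecretKey deriveKek(PrivateKey own, PublicKey peer, byte[] otherInfo) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(own);
        ka.doPhase(peer, true);
        return new SecretKeySpec(concatKdf(ka.generateSecret(), otherInfo, 16), "AES");
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair recipient = kpg.generateKeyPair(); // constructed; stands in for the X509SKI key
        KeyPair ephemeral = kpg.generateKeyPair(); // public half goes in OriginatorKeyInfo
        byte[] otherInfo = new byte[0]; // assumed: the sample ConcatKDFParams carry no data
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey cek = kg.generateKey(); // content-encryption key to be wrapped
        // Originator side: ephemeral private key + recipient public key.
        Cipher wrap = Cipher.getInstance("AESWrap");
        wrap.init(Cipher.WRAP_MODE, deriveKek(ephemeral.getPrivate(), recipient.getPublic(), otherInfo));
        byte[] cipherValue = wrap.wrap(cek); // becomes xenc:CipherValue
        // Recipient side: own private key + ephemeral public key from the message.
        Cipher unwrap = Cipher.getInstance("AESWrap");
        unwrap.init(Cipher.UNWRAP_MODE, deriveKek(recipient.getPrivate(), ephemeral.getPublic(), otherInfo));
        Key recovered = unwrap.unwrap(cipherValue, "AES", Cipher.SECRET_KEY);
        System.out.println("CipherValue bytes: " + cipherValue.length + ", CEK recovered: "
            + MessageDigest.isEqual(cek.getEncoded(), recovered.getEncoded()));
    }
}
```

A real recipient takes the ephemeral public key from <dsig11:ECKeyValue>, so it has to reject a key that is not on the same curve as its own before running the agreement, and it has to rebuild OtherInfo from the ConcatKDFParams attributes exactly as sent.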


