[jira] [Updated] (CXF-8126) Support for Key Agreement using ECDH-ES

Sun, 29 Sep 2019 04:15:29 -0700 


     [ 
https://issues.apache.org/jira/browse/CXF-8126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Cosmin Baciu updated CXF-8126:
------------------------------
    Component/s:     (was: JAX-WS Runtime)
                 WS-* Components

> Support for Key Agreement using ECDH-ES
> ---------------------------------------
>
>                 Key: CXF-8126
>                 URL: https://issues.apache.org/jira/browse/CXF-8126
>             Project: CXF
>          Issue Type: New Feature
>          Components: WS-* Components
>    Affects Versions: 3.2.6
>            Reporter: Cosmin Baciu
>            Priority: Major
>
> Hi,
> We are using CXF 3.2.6 and WS-Security for encryption.
> We would like to use ECDH-ES for the Key Agreement. We did an investigation 
> to check if CXF/WSS4J supports it and the result was negative. We could only 
> find references to ECDH in the Jose modue.
> Would it be possible to confirm the result of our investigation?
> If indeed it's not yet supported would it be possible to give us some hints 
> how to support it? 
> Please find below an example of the <ds:KeyInfo> section(extracted from 
> [https://www.w3.org/TR/xmlenc-core1/#sec-ECDH-ES]) using ECDH-ES for the Key 
> Agreement.
>  
> <ds:KeyInfo><xenc:EncryptedKey><xenc:EncryptionMethod 
> Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/><!-- describes the 
> key encryption key --><ds:KeyInfo><xenc:AgreementMethod 
> Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES";><xenc11:KeyDerivationMethod
>  
> Algorithm="http://www.w3.org/2009/xmlenc11#ConcatKDF";><xenc11:ConcatKDFParams 
> AlgorithmID="00" PartyUInfo="" PartyVInfo=""><ds:DigestMethod 
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></xenc11:ConcatKDFParams></xenc11:KeyDerivationMethod><xenc:OriginatorKeyInfo><ds:KeyValue><dsig11:ECKeyValue><!--
>  ephemeral ECC public key of the originator 
> --></dsig11:ECKeyValue></ds:KeyValue></xenc:OriginatorKeyInfo><xenc:RecipientKeyInfo><ds:X509Data><ds:X509SKI></ds:X509SKI><!--
>  hint for the recipient's private key 
> --></ds:X509Data></xenc:RecipientKeyInfo></xenc:AgreementMethod></ds:KeyInfo><xenc:CipherData><xenc:CipherValue><!--
>  encrypted AES content encryption key 
> --></xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo>



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to