Frederik Libert created CXF-8185:
------------------------------------
Summary: Generated Ephemeral Public Key missing in JWE Headers when Json Serialization is used
Key: CXF-8185
URL: https://issues.apache.org/jira/browse/CXF-8185
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Affects Versions: 3.3.4
Reporter: Frederik Libert

When using Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES), the JWA Specification says that an Ephemeral Public Key MUST be set as "epk" Header Parameter (https://tools.ietf.org/html/rfc7518#page-16).

The key is generated during the encryption process.

However, it is only added to the jwe output when using compact serialization.

When using Json serialization, the header gets lost somewhere along the way.
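A check for the condition reported above, as an added example that is not part of the original report and is not CXF code: it merges the protected, shared unprotected and per-recipient headers of a JWE (compact or JSON serialization, per RFC 7516) and lists the recipients whose "alg" is ECDH-ES based but whose header carries no usable "epk". The function names and the sample JWEs (placeholder key material and ciphertext) are constructed for illustration.

```python
import base64, json

# Members an "epk" JWK needs per key type (EC: RFC 7518; OKP: RFC 8037).
EPK_MEMBERS = {"EC": ("crv", "x", "y"), "OKP": ("crv", "x")}

def b64u_json(seg):
    """Decode an unpadded base64url segment into a dict ('' -> {})."""
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))) if seg else {}

def jose_headers(jwe):
    """Return one merged JOSE header per recipient for a compact or JSON JWE."""
    if not jwe.lstrip().startswith("{"):          # compact: five dot-separated parts
        parts = jwe.split(".")
        if len(parts) != 5:
            raise ValueError("compact JWE must have 5 parts")
        return [b64u_json(parts[0])]
    obj = json.loads(jwe)
    shared = {**b64u_json(obj.get("protected", "")), **obj.get("unprotected", {})}
    # General form carries "recipients"; flattened form puts "header" at top level.
    recipients = obj.get("recipients") or [{"header": obj.get("header", {})}]
    return [{**shared, **r.get("header", {})} for r in recipients]

def missing_epk(jwe):
    """Indexes of recipients using ECDH-ES* whose merged header lacks a usable epk."""
    bad = []
    for i, hdr in enumerate(jose_headers(jwe)):
        if str(hdr.get("alg", "")).startswith("ECDH-ES"):
            epk = hdr.get("epk")
            need = EPK_MEMBERS.get(epk.get("kty")) if isinstance(epk, dict) else None
            if not need or any(m not in epk for m in need):
                bad.append(i)
    return bad

# Constructed sample inputs (placeholder values, not output of any real library).
def _b64u(d):
    return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()

EPK = {"kty": "EC", "crv": "P-256", "x": "AAAA", "y": "BBBB"}
ALG = {"alg": "ECDH-ES", "enc": "A128GCM"}
BODY = {"iv": "aXY", "ciphertext": "Y3Q", "tag": "dGFn"}
COMPACT_OK = _b64u({**ALG, "epk": EPK}) + "..aXY.Y3Q.dGFn"
JSON_NO_EPK = json.dumps({"protected": _b64u(ALG), "recipients": [{}], **BODY})
JSON_OK = json.dumps({"protected": _b64u(ALG),
                      "recipients": [{"header": {"epk": EPK}}], **BODY})

if __name__ == "__main__":
    for name, jwe in [("compact", COMPACT_OK), ("json, no epk", JSON_NO_EPK), ("json", JSON_OK)]:
        print(name, "-> recipients missing epk:", missing_epk(jwe))
```

A recipient cannot derive the content encryption key without the sender's ephemeral public key, so a non-empty result means the JWE is undecryptable for those recipients.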