[jira] [Commented] (CXF-8185) Generated Ephemeral Public Key missing in JWE Headers when Json Serialization is used

Frederik Libert (Jira) Thu, 19 Dec 2019 15:24:32 -0800


    [ 
https://issues.apache.org/jira/browse/CXF-8185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17000480#comment-17000480
 ]


Frederik Libert commented on CXF-8185:
--------------------------------------

Working on a pull request (one for issues 8177, 8178, 8185)

> Generated Ephemeral Public Key missing in JWE Headers when Json Serialization 
> is used
> -------------------------------------------------------------------------------------
>
>                 Key: CXF-8185
>                 URL: https://issues.apache.org/jira/browse/CXF-8185
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.3.4
>            Reporter: Frederik Libert
>            Priority: Blocker
>
> When using Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static 
> (ECDH-ES), the 
> JWA Specification says that an Ephemeral Public Key MUST be set as "epk" 
> Header Parameter (
> https://tools.ietf.org/html/rfc7518#page-16).
> The key is generated during the encryption process.
> However, it is only added to the jwe output when using compact serialization.
> When using Json serialization, the header gets lost somewhere along the way.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (CXF-8185) Generated Ephemeral Public Key missing in JWE Headers when Json Serialization is used

Reply via email to