You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2019/10/08 08:50:00 UTC
[jira] [Commented] (CXF-8126) Support for Key Agreement using
ECDH-ES
[ https://issues.apache.org/jira/browse/CXF-8126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16946636#comment-16946636 ]
Colm O hEigeartaigh commented on CXF-8126:
------------------------------------------
Hi,
It's correct that CXF / WSS4J do not support Key Agreement. The underlying reason is that it is not supported in Apache Santuario, which provides the XML Encryption implementation:
[https://github.com/apache/santuario-java]
If you are interested, please consider creating a pull request for this feature there and I will review it.
Colm.
> Support for Key Agreement using ECDH-ES
> ---------------------------------------
>
> Key: CXF-8126
> URL: https://issues.apache.org/jira/browse/CXF-8126
> Project: CXF
> Issue Type: New Feature
> Components: WS-* Components
> Affects Versions: 3.2.6
> Reporter: Cosmin Baciu
> Priority: Major
>
> Hi,
> We are using CXF 3.2.6 and WS-Security for encryption.
> We would like to use ECDH-ES for the Key Agreement. We did an investigation to check if CXF/WSS4J supports it and the result was negative. We could only find references to ECDH in the Jose modue.
> Would it be possible to confirm the result of our investigation?
> If indeed it's not yet supported would it be possible to give us some hints how to support it?
> Please find below an example of the <ds:KeyInfo> section(extracted from [https://www.w3.org/TR/xmlenc-core1/#sec-ECDH-ES]) using ECDH-ES for the Key Agreement.
>
> {code:java}
> <ds:KeyInfo>
> <xenc:EncryptedKey>
> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
> <!-- describes the key encryption key -->
> <ds:KeyInfo>
> <xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES">
> <xenc11:KeyDerivationMethod Algorithm="http://www.w3.org/2009/xmlenc11#ConcatKDF">
> <xenc11:ConcatKDFParams AlgorithmID="00" PartyUInfo="" PartyVInfo="">
> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
> </xenc11:ConcatKDFParams>
> </xenc11:KeyDerivationMethod>
> <xenc:OriginatorKeyInfo>
> <ds:KeyValue>
> <dsig11:ECKeyValue>
> <!-- ephemeral ECC public key of the originator -->
> </dsig11:ECKeyValue>
> </ds:KeyValue>
> </xenc:OriginatorKeyInfo>
> <xenc:RecipientKeyInfo>
> <ds:X509Data>
> <ds:X509SKI></ds:X509SKI>
> <!-- hint for the recipient's private key -->
> </ds:X509Data>
> </xenc:RecipientKeyInfo>
> </xenc:AgreementMethod>
> </ds:KeyInfo>
> <xenc:CipherData>
> <xenc:CipherValue><!-- encrypted AES content encryption key --></xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedKey>
> </ds:KeyInfo>{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)