You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2020/01/03 15:52:00 UTC

[jira] [Resolved] (CXF-8185) Generated Ephemeral Public Key missing in JWE Headers when Json Serialization is used

     [ https://issues.apache.org/jira/browse/CXF-8185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved CXF-8185.
--------------------------------------
    Resolution: Fixed

> Generated Ephemeral Public Key missing in JWE Headers when Json Serialization is used
> -------------------------------------------------------------------------------------
>
>                 Key: CXF-8185
>                 URL: https://issues.apache.org/jira/browse/CXF-8185
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.3.4
>            Reporter: Frederik Libert
>            Assignee: Colm O hEigeartaigh
>            Priority: Blocker
>             Fix For: 3.3.5
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> When using Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES), the 
> JWA Specification says that an Ephemeral Public Key MUST be set as "epk" Header Parameter (
> https://tools.ietf.org/html/rfc7518#page-16).
> The key is generated during the encryption process.
> However, it is only added to the jwe output when using compact serialization.
> When using Json serialization, the header gets lost somewhere along the way.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)