[jira] [Assigned] (CXF-8185) Generated Ephemeral Public Key missing in JWE Headers when Json Serialization is used

Colm O hEigeartaigh (Jira) Thu, 02 Jan 2020 03:57:37 -0800


     [ 
https://issues.apache.org/jira/browse/CXF-8185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Colm O hEigeartaigh reassigned CXF-8185:
----------------------------------------

    Assignee: Colm O hEigeartaigh

> Generated Ephemeral Public Key missing in JWE Headers when Json Serialization 
> is used
> -------------------------------------------------------------------------------------
>
>                 Key: CXF-8185
>                 URL: https://issues.apache.org/jira/browse/CXF-8185
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.3.4
>            Reporter: Frederik Libert
>            Assignee: Colm O hEigeartaigh
>            Priority: Blocker
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> When using Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static 
> (ECDH-ES), the 
> JWA Specification says that an Ephemeral Public Key MUST be set as "epk" 
> Header Parameter (
> https://tools.ietf.org/html/rfc7518#page-16).
> The key is generated during the encryption process.
> However, it is only added to the jwe output when using compact serialization.
> When using Json serialization, the header gets lost somewhere along the way.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Assigned] (CXF-8185) Generated Ephemeral Public Key missing in JWE Headers when Json Serialization is used

Reply via email to