[ https://issues.apache.org/jira/browse/CXF-8185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17000761#comment-17000761 ]
Frederik Libert commented on CXF-8185: -------------------------------------- Ok, I'll try to do that. The reason that I fixed CXF-8177 and CXF-8178 in the same branch is that the fix for the latter is done in a class that I externalized during my fixes for the first. I replayed my fixes on my branch and split them up into 2 commits (one for each issue) to make it easier to verify the changes. I also removed some whitespace changes that my IDE made. Thanks for your time! > Generated Ephemeral Public Key missing in JWE Headers when Json Serialization > is used > ------------------------------------------------------------------------------------- > > Key: CXF-8185 > URL: https://issues.apache.org/jira/browse/CXF-8185 > Project: CXF > Issue Type: Bug > Components: JAX-RS Security > Affects Versions: 3.3.4 > Reporter: Frederik Libert > Priority: Blocker > > When using Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static > (ECDH-ES), the > JWA Specification says that an Ephemeral Public Key MUST be set as "epk" > Header Parameter ( > https://tools.ietf.org/html/rfc7518#page-16). > The key is generated during the encryption process. > However, it is only added to the jwe output when using compact serialization. > When using Json serialization, the header gets lost somewhere along the way. -- This message was sent by Atlassian Jira (v8.3.4#803005)