Cannot specify CEK or retrieve auto-generated CEK when using RSAEncrypter
I have a scenario that needs to encrypt content with AES and protect the key with an RSA public key, and I need to save the AES key (CEK) somewhere for later use. With RSAEncrypter, I cannot retrieve the auto-generated CEK, but with DirectEncrypter, I cannot embed the CEK in the JWE.
Suggested fix:
1. Create a new method in RSAEncrypter which allows a SecretKey to be passed in as the CEK.
2. Add a method to retrieve the auto-generated CEK.
Comments (8)
-
- marked as enhancement
- marked as major
Marking as feature request.
The JWE spec doesn't require the CEK to be made available to the calling code.
You may try to work around by extracting and decrypting the CEK.
PRs of course always welcome :)
-
reporter @vdzhuvinov Yes, I can create a pull request. Could you create an issue branch for me (it seems I don't have permission to create a branch), so I can submit my fix there?
-
I gave you temp write access for this. Looking forward to it :)
-
reporter @vdzhuvinov, I created a pull request: https://bitbucket.org/connect2id/nimbus-jose-jwt/pull-requests/36/support-specify-cek-in-rsaencrypter-remove/diff. Could you review/merge?
-
- changed status to resolved
Thanks for the PR! The approach was good, I just created a promiscuous mode flag and restored the deleted alg and JWE part checks in the DirectDecrypter so as not to break the default contract for "dir" JWEs.
Check out v5.13 from Maven Central in a few hours.
-
An example was published: https://twitter.com/connect2id/status/1019167721525739521
-
reporter @vdzhuvinov thanks
Hi, Would you be interested in submitting a pull request for that feature?
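The outcome of this thread, shown as an added example that is not part of the original issue or the project's own code: a caller-supplied CEK passed to RSAEncrypter, then the same JWE decrypted both with the RSA private key and with the saved CEK through DirectDecrypter in promiscuous mode. It assumes nimbus-jose-jwt v5.13 or later; the class name `PresetCekExample`, the generated key pair and the payload are constructed for illustration.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

public class PresetCekExample {

    public static void main(String[] args) throws Exception {
        // Constructed sample key pair; a real caller loads the recipient's RSA key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();

        // Caller-generated CEK, sized for the chosen content encryption method.
        EncryptionMethod enc = EncryptionMethod.A128CBC_HS256;
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(enc.cekBitLength()); // 256 bits for A128CBC-HS256
        SecretKey cek = kg.generateKey();

        // Encrypt: the supplied CEK is wrapped with the RSA public key.
        JWEObject jwe = new JWEObject(
                new JWEHeader(JWEAlgorithm.RSA_OAEP_256, enc),
                new Payload("constructed sample payload"));
        jwe.encrypt(new RSAEncrypter((RSAPublicKey) rsa.getPublic(), cek));
        String compact = jwe.serialize();

        // Path 1: the recipient unwraps the CEK with the RSA private key.
        JWEObject viaRsa = JWEObject.parse(compact);
        viaRsa.decrypt(new RSADecrypter((RSAPrivateKey) rsa.getPrivate()));
        System.out.println("RSA path: " + viaRsa.getPayload());

        // Path 2: the holder of the saved CEK decrypts directly. Promiscuous
        // mode (second argument) accepts a JWE whose alg is not "dir".
        JWEObject viaCek = JWEObject.parse(compact);
        viaCek.decrypt(new DirectDecrypter(cek, true));
        System.out.println("CEK path: " + viaCek.getPayload());

        // The default DirectDecrypter keeps the "dir" contract and rejects it.
        try {
            JWEObject.parse(compact).decrypt(new DirectDecrypter(cek));
            throw new IllegalStateException("strict DirectDecrypter accepted RSA JWE");
        } catch (JOSEException expected) {
            System.out.println("Strict mode rejected: " + expected.getMessage());
        }
    }
}
```

A stored CEK decrypts the JWE without the RSA private key, so it needs the same protection as the private key itself.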