connect2id / Nimbus-JOSE-JWT / issues / #275 - Make ECDHEncrypter take ephemeral key as argument — Bitbucket

Issue #275 invalid

Antonio Ivanovski created an issue 2018-09-06

I am having difficulties implementing Diffie Hellman with static key (ECDH_ES). The issue is that on each ECDHEncrypter.encrypt new ephemeral key is generated and I don't have access to it. Reference: https://bitbucket.org/connect2id/nimbus-jose-jwt/src/5f53c563450a4ffeee5547c4fc47e19abc4dcfb8/src/main/java/com/nimbusds/jose/crypto/ECDHEncrypter.java?at=master&fileviewer=file-view-default#ECDHEncrypter.java-162:165

I want to have access to the private key so i can create ECDHDecrypter so i can achieve secure two way communication.

It seems to me that I am using the library wrong, please correct me if this is the case. Otherwise, I would gladly submit a PR.

Comments (1)

Vladimir Dzhuvinov
- changed status to invalid
Hi Antonio,

The ephemeral key is a one-time-use intermediate key used to derive the so called shared key Z. It must not be passed to the recipient.

https://tools.ietf.org/html/rfc7518#section-4.6

At the recipient ECDHDecrypter just pass the private key for the public one used to create the ECDHEncrypter.
- 2018-09-07T06:55:16+00:00
Log in to comment

Assignee: –

Type: enhancement

Priority: major

Status: invalid

Component: Crypto package

Milestone: –

Votes: 1

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!