Skip to content

Commit 0f2664d

Browse files
IsmathBadshaIsmathBadsha
committed
Review_comments
1 parent fb2abce commit 0f2664d

File tree

1 file changed

+12
-12
lines changed

1 file changed

+12
-12
lines changed

posts/2025-09-09-25.0.0.9.adoc

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,17 @@
11
---
22
layout: post
3-
title: "ECDH-ES support added to JwtBuilder in 25.0.0.9"
3+
title: "ECDH-ES support added to JWT Builder in 25.0.0.9"
44
# Do NOT change the categories section
55
categories: blog
66
author_picture: https://avatars3.githubusercontent.com/IsmathBadsha
77
author_github: https://github.com/IsmathBadsha
8-
seo-title: ECDH-ES support added to JwtBuilder in 25.0.0.9 - OpenLiberty.io
9-
seo-description: 'This release introduces ECDH-ES support in JwtBuilder as a key management algorithm, offering a more secure alternative to RSA-OAEP.'
10-
blog_description: 'This release introduces ECDH-ES support in JwtBuilder as a key management algorithm, offering a more secure alternative to RSA-OAEP.'
8+
seo-title: ECDH-ES support added to JWT Builder in 25.0.0.9 - OpenLiberty.io
9+
seo-description: 'This release introduces ECDH-ES support in JWT Builder as a key management algorithm, offering a more secure alternative to RSA-OAEP.'
10+
blog_description: 'This release introduces ECDH-ES support in JWT Builder as a key management algorithm, offering a more secure alternative to RSA-OAEP.'
1111
open-graph-image: https://openliberty.io/img/twitter_card.jpg
1212
open-graph-image-alt: Open Liberty Logo
1313
---
14-
= ECDH-ES support added to JwtBuilder in 25.0.0.9
14+
= ECDH-ES support added to JWT Builder in 25.0.0.9
1515
Ismath Badsha <https://github.com/IsmathBadsha>
1616
:imagesdir: /s
1717
:url-prefix:
@@ -49,7 +49,7 @@ Ismath Badsha <https://github.com/IsmathBadsha>
4949
// change the "IMAGE CAPTION" to a couple words of what the image is
5050
// // // // // // // //
5151

52-
This release introduces ECDH-ES support in JwtBuilder as a key management algorithm, offering a more secure alternative to RSA-OAEP.
52+
This release introduces ECDH-ES support in JWT Builder as a key management algorithm, offering a more secure alternative to RSA-OAEP.
5353

5454
// // // // // // // //
5555
// In the preceding section:
@@ -66,7 +66,7 @@ This release introduces ECDH-ES support in JwtBuilder as a key management algori
6666

6767
In link:{url-about}[Open Liberty] 25.0.0.9:
6868

69-
* <<ECDH_ES, Add ECDH-ES support to JwtBuilder>>
69+
* <<ECDH_ES, Add ECDH-ES support to JWT Builder>>
7070
* <<CVEs, Security Vulnerability (CVE) Fixes>>
7171
* <<bugs, Notable bug fixes>>
7272

@@ -156,11 +156,11 @@ image::img/blog/blog_btn_stack.svg[Ask a question on Stack Overflow, align="cent
156156
// Contact/Reviewer: tloodu
157157
// // // // // // // //
158158
[#ECDH_ES]
159-
== Add ECDH-ES support to JwtBuilder
159+
== Add ECDH-ES support to JWT Builder
160160

161-
Open Liberty has enhanced its JSON Web Token 1.0 (`jwt-1.0`) feature by introducing support for ECDH-ES (Elliptic Curve Diffie-Hellman Ephemeral Static) as a key management algorithm in the JwtBuilder configuration. This update allows application developers to use Elliptic Curve Cryptography for encrypting the Content Encryption Key (CEK) of a JWE, providing a modern alternative to the previously supported RSA-OAEP with enhanced security.
161+
Open Liberty has enhanced its JSON Web Token 1.0 (`jwt-1.0`) feature by introducing support for ECDH-ES (Elliptic Curve Diffie-Hellman Ephemeral Static) as a key management algorithm in the JWT Builder configuration. This update allows application developers to use Elliptic Curve (EC)Cryptography to determine the Content Encryption Key (CEK) of a JSON Web Encryption (JWE) token, providing a modern alternative to the previously supported RSA-OAEP with enhanced security.
162162

163-
To use ECDH-ES, developers must define an Elliptic Curve public key in the `keyManagementKeyAlias` attribute. The EC public and private key pair can be generated using securityUtility or keytool, for example:
163+
To use ECDH-ES, developers must define an Elliptic Curve (EC) public key in the `keyManagementKeyAlias` attribute. The EC public and private key pair can be generated using securityUtility or keytool, for example:
164164

165165
----
166166
./securityUtility createSSLCertificate --sigAlg=SHA256withECDSA --keySize=256 --server=myServer --validity=3650 --password=password
@@ -170,7 +170,7 @@ To use ECDH-ES, developers must define an Elliptic Curve public key in the `keyM
170170
keytool -genkeypair -alias eccert -keyalg EC -groupname secp256r1 -validity 3650 -storetype pkcs12 -keystore myKeystore.p12 -storepass password
171171
----
172172

173-
ECDH-ES can be configured under the `keyManagementKeyAlgorithm` attribute in a JwtBuilder element of `JSON Web Token 1.0` (jwt-1.0) feature. The EC public key used for encryption must be referenced by its alias in `keyManagementKeyAlias`, and the keystore must be specified using the `trustStoreRef` attribute.
173+
ECDH-ES can be configured under the `keyManagementKeyAlgorithm` attribute in aJWT Builder element of `JSON Web Token 1.0` (jwt-1.0) feature. The EC public key used for encryption must be referenced by its alias in `keyManagementKeyAlias`, and the keystore must be specified using the `trustStoreRef` attribute.
174174

175175
Sample server.xml configuration:
176176
[source, xml]
@@ -181,7 +181,7 @@ Sample server.xml configuration:
181181
trustStoreRef="myTrustStore" ... />
182182
----
183183

184-
For more details on configuring `JwtBuilder` and using ECDH-ES, check the link:https://openliberty.io/docs/latest/reference/config/jwtBuilder.html[Open Liberty documentation].
184+
For more details on configuring `JWT Builder`, check the link:https://openliberty.io/docs/latest/reference/config/jwtBuilder.html[Open Liberty documentation].
185185

186186
// DO NOT MODIFY THIS LINE. </GHA-BLOG-TOPIC>
187187

0 commit comments

Comments
 (0)