25.0.0.9_GA_release

IsmathBadsha · IsmathBadsha · commit 0fcffd7e37ef · 2025-09-01T15:08:56.000+05:30
diff --git a/posts/2025-09-09-25.0.0.9.adoc b/posts/2025-09-09-25.0.0.9.adoc
@@ -164,12 +164,11 @@ image::img/blog/blog_btn_stack.svg[Ask a question on Stack Overflow, align="cent
 [#ECDH-ES]
 == Add ECDH-ES support to JwtBuilder
 
-       Open Liberty has enhanced its JSON Web Token 1.0 (`jwt-1.0`) feature by introducing support for ECDH-ES (Elliptic Curve Diffie-Hellman Ephemeral Static) as a key management algorithm in the JwtBuilder configuration. This update allows application developers to use Elliptic Curve Cryptography for encrypting the Content Encryption Key (CEK) of a JWE, providing a modern alternative to the previously supported RSA-OAEP with enhanced security.To use ECDH-ES, developers must define an Elliptic Curve public key in the keyManagementKeyAlias attribute.The EC public and private key pair can be generated using securityUtility or keytool, for example:
-        - `./securityUtility createSSLCertificate --sigAlg=SHA256withECDSA --keySize=256 --server=myServer --validity=3650 --password=password`
-        - `keytool -genkeypair -alias eccert -keyalg EC -groupname secp256r1 -validity 3650 -storetype pkcs12 -keystore myKeystore.p12 -storepass password`
-      ECDH-ES can be configured under the `keyManagementKeyAlgorithm` attribute in a JwtBuilder element of `JSON Web Token 1.0` (`jwt-1.0`) feature.The EC public key used for encryption must be referenced by its alias in `keyManagementKeyAlias`, and the keystore must be specified using the `trustStoreRef` attribute.
-
-      Sample server.xml configuration:
+Open Liberty has enhanced its JSON Web Token 1.0 (`jwt-1.0`) feature by introducing support for ECDH-ES (Elliptic Curve Diffie-Hellman Ephemeral Static) as a key management algorithm in the JwtBuilder configuration. This update allows application developers to use Elliptic Curve Cryptography for encrypting the Content Encryption Key (CEK) of a JWE, providing a modern alternative to the previously supported RSA-OAEP with enhanced security.To use ECDH-ES, developers must define an Elliptic Curve public key in the keyManagementKeyAlias attribute.The EC public and private key pair can be generated using securityUtility or keytool, for example:
+  - `./securityUtility createSSLCertificate --sigAlg=SHA256withECDSA --keySize=256 --server=myServer --validity=3650 --password=password`
+  - `keytool -genkeypair -alias eccert -keyalg EC -groupname secp256r1 -validity 3650 -storetype pkcs12 -keystore myKeystore.p12 -storepass password`
+ECDH-ES can be configured under the `keyManagementKeyAlgorithm` attribute in a JwtBuilder element of `JSON Web Token 1.0` (`jwt-1.0`) feature.The EC public key used for encryption must be referenced by its alias in `keyManagementKeyAlias`, and the keystore must be specified using the `trustStoreRef` attribute.
+Sample server.xml configuration:
 
 [source,xml]
 ----
