Commit fedc3f3

updates to 25.0.0.9-GA blog
1 parent 04b2653 commit fedc3f3

1 file changed

+4
-4
lines changed

posts/2025-09-09-25.0.0.9.adoc

Lines changed: 4 additions & 4 deletions
@@ -157,9 +157,9 @@ image::img/blog/blog_btn_stack.svg[Ask a question on Stack Overflow, align="cent
157157
[#ECDH_ES]
158158
== Add ECDH-ES support to JWT Builder
159159

160-
Open Liberty enhances its JSON Web Token 1.0 (`jwt-1.0`) feature by introducing support for ECDH-ES (Elliptic Curve Diffie-Hellman Ephemeral Static) as a key management algorithm in the `jwtBuilder` configuration. This update allows application developers to use Elliptic Curve Cryptography to determine the Content Encryption Key (CEK) of a JSON Web Encryption (JWE) token, providing a modern alternative to the previously supported RSA-OAEP with enhanced security.
160+
Open Liberty enhances its JSON Web Token 1.0 (`jwt-1.0`) feature by introducing support for ECDH-ES (Elliptic Curve Diffie-Hellman Ephemeral Static) as a key management algorithm in the `jwtBuilder` configuration. This update allows application developers to use Elliptic Curve Cryptography to determine the Content Encryption Key (CEK) of a JSON Web Encryption (JWE) token. By offering a modern alternative to the previously supported RSA-OAEP, the enhancement delivers improved security through ECDH-ES.
161161

162-
To use ECDH-ES, developers must define an Elliptic Curve (EC) public key in the `keyManagementKeyAlias` attribute. The EC public and private key pair can be generated using the securityUtility or the keytool, for example:
162+
To use ECDH-ES, developers must define an Elliptic Curve (EC) public key in the `keyManagementKeyAlias` attribute. The EC public and private key pair can be generated using the `securityUtility` or the `keytool`, for example:
163163

164164
----
165165
./securityUtility createSSLCertificate --sigAlg=SHA256withECDSA --keySize=256 --server=myServer --validity=3650 --password=password
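
Review bot: on new line 160, "the enhancement delivers improved security through ECDH-ES" still claims a security gain over RSA-OAEP without saying what improves, and the sentence now names ECDH-ES as both the feature and its own benefit. Either state the property that is meant or end the sentence at "a modern alternative to the previously supported RSA-OAEP". On new line 162, `keyManagementKeyAlias` holds an alias rather than the key itself, so "define an Elliptic Curve (EC) public key in" would be more accurate as "set the `keyManagementKeyAlias` attribute to the alias of an Elliptic Curve (EC) public key".
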
@@ -169,7 +169,7 @@ To use ECDH-ES, developers must define an Elliptic Curve (EC) public key in the
169169
keytool -genkeypair -alias eccert -keyalg EC -groupname secp256r1 -validity 3650 -storetype pkcs12 -keystore myKeystore.p12 -storepass password
170170
----
171171

172-
ECDH-ES can be configured under the `keyManagementKeyAlgorithm` attribute in a `jwtBuilder` element of `JSON Web Token 1.0` (jwt-1.0) feature. Reference the EC public key used by the ECDH-ES key management algorithm by its alias in `keyManagementKeyAlias`, and specify the keystore using the `trustStoreRef` attribute.
172+
ECDH-ES can be configured under the `keyManagementKeyAlgorithm` attribute in a `jwtBuilder` element of JSON Web Token 1.0 (`jwt-1.0`) feature. Reference the EC public key used by the ECDH-ES key management algorithm by its alias in `keyManagementKeyAlias`, and specify the keystore using the `trustStoreRef` attribute.
173173

174174
Sample `server.xml` configuration:
175175
[source, xml]
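
Review bot: new line 172 is missing an article: "of JSON Web Token 1.0 (`jwt-1.0`) feature" should read "of the JSON Web Token 1.0 (`jwt-1.0`) feature". The same sentence says ECDH-ES is configured "under" `keyManagementKeyAlgorithm` without saying what value the attribute takes; stating the value in the sentence would spare readers from inferring it from the sample. The `keytool` example kept as context on line 169 passes `-storepass password` on the command line; since this paragraph is being edited anyway, a short remark that the value is a placeholder would stop it being copied into real keystores.
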
@@ -180,7 +180,7 @@ Sample `server.xml` configuration:
180180
trustStoreRef="myTrustStore" ... />
181181
----
182182

183-
For more details on configuring `jwtBuilder`, check the link:https://openliberty.io/docs/latest/reference/config/jwtBuilder.html[Open Liberty documentation].
183+
For more information on configuring `jwtBuilder`, see the link:https://openliberty.io/docs/latest/reference/config/jwtBuilder.html[Open Liberty documentation].
184184

185185
// DO NOT MODIFY THIS LINE. </GHA-BLOG-TOPIC>
186186

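
Review bot: the link text on new line 183 is still the generic "Open Liberty documentation" although the target is the `jwtBuilder` configuration reference. Naming the destination in the link text, for example "`jwtBuilder` configuration reference", tells readers where the link goes before they follow it and distinguishes it from other documentation links in the post.
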