[OPENIDM-14769] Update the encryption/decryption algorithm for JWT to a symmetric algorithm
Created: 19/May/20  Updated: 03/Jun/20

Status: Open
Project: OpenIDM
Component/s: Module - Authentication
Affects Version/s: 7.0.0
Fix Version/s: None

Type: Improvement
Priority: Major
Reporter: Dirk Hogan
Assignee: Brendan Miller
Resolution: Unresolved
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
is duplicated by OPENIDM-14829 Take advantage of more efficient crypto Closed
is related to OPENIDM-14829 Take advantage of more efficient crypto Closed
Target Version/s:


https://stash.forgerock.org/projects/COMMONS/repos/forgerock-commons/browse/json-web-token recommends symmetric keys for encryption/decryption. The JweAlgorithm used by IDM is defined in TokenHandlerService#getJwtTokenHandler. It is currently an asymmetric cipher: JweAlgorithm.RSA_OAEP_256. The likely replacement is JweAlgorithm.ECDH_ES. Any choice should be confirmed with Neil Madden. Switching from asymmetric to symmetric encryption will likely result in a performance boost.
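Added example, not part of the original ticket and not ForgeRock code: a way to check which JWE key-management algorithm issued tokens actually carry, before and after a change like the one proposed. It assumes JWE compact serialization and the JOSE names RSA-OAEP-256 and ECDH-ES for the two JweAlgorithm constants mentioned; the mode table follows RFC 7518 section 4.1, and the sample tokens and the A256GCM "enc" value are constructed.

```python
import base64
import json

# Key-management modes from RFC 7518 section 4.1 (subset relevant here).
# Value: (mode, recipient key is a public key, Encrypted Key segment must be empty)
ALG_MODES = {
    "RSA-OAEP-256": ("key encryption", True, False),
    "ECDH-ES": ("direct key agreement", True, True),
    "ECDH-ES+A256KW": ("key agreement with key wrapping", True, False),
    "A256KW": ("key wrapping", False, False),
    "dir": ("direct encryption", False, True),
}

def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def inspect_jwe(token):
    """Report the key-management mode of a compact JWE and sanity-check its shape."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError("not a JWE compact serialization (need 5 segments)")
    header = json.loads(b64url_decode(parts[0]))
    alg = header.get("alg")
    if alg not in ALG_MODES:
        raise ValueError(f"unexpected alg: {alg!r}")
    mode, public_key, key_must_be_empty = ALG_MODES[alg]
    encrypted_key = b64url_decode(parts[1])
    if key_must_be_empty != (len(encrypted_key) == 0):
        raise ValueError(f"encrypted-key segment inconsistent with alg {alg}")
    if alg.startswith("ECDH-ES") and "epk" not in header:
        raise ValueError("ECDH-ES header lacks ephemeral public key (epk)")
    return {"alg": alg, "enc": header.get("enc"), "mode": mode,
            "public_key": public_key, "encrypted_key_len": len(encrypted_key)}

def make_sample(header, encrypted_key):
    # Constructed token: correct structure, filler bytes instead of real ciphertext.
    segs = [json.dumps(header).encode(), encrypted_key,
            b"\x00" * 12, b"\x01" * 32, b"\x02" * 16]
    return ".".join(b64url_encode(s) for s in segs)

# Constructed samples: a 2048-bit RSA wrap yields a 256-byte encrypted key.
RSA_SAMPLE = make_sample({"alg": "RSA-OAEP-256", "enc": "A256GCM"}, b"\x03" * 256)
ECDH_SAMPLE = make_sample(
    {"alg": "ECDH-ES", "enc": "A256GCM",
     "epk": {"kty": "EC", "crv": "P-256", "x": "constructed", "y": "constructed"}},
    b"")
```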

Generated at Mon Nov 30 14:14:16 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.