Connect2id server 12.4: Support for ES256K, RSA-OAEP-384, RSA-OAEP-512 and XC20P

2021-10-27

The October release of the Connect2id server makes new cryptographic capabilities available to our customers.

• The ES256K JWS algorithm, based on the secp256k1 elliptic curve, which found popularity in Ethereum and Bitcoin, can now be used to sign tokens issued by the Connect2id server as well as request objects (JARs) sent by OAuth 2.0 clients. Clients can also use ES256K to authenticate with the private_key_jwt method at the token endpoint.

  Note that the JWK set generator tool for the Connect2id server was updated to be able to generate EC keys with the secp256k1 curve necessary for ES256K signatures.

• The EdDSA JWS algorithm (with Ed25519 curve), introduced in Connect2id server 9.4 to boost the signing throughput of JWT-encoded access tokens (by a factor of 62!), can now also be applied to sign ID tokens, UserInfo JWTs and authorisation responses (JARM).

• The RSA-OAEP-256 JWE algorithm for encrypting to a public RSA key is now complemented by the RSA-OAEP-384 and RSA-OAEP-512 algorithms which use SHA-384 resp SHA-512. They can be used in all places where a JWE algorithm for public key encryption is expected.

• XC20P is a JWE content encryption method with extended nonce ChaCha20 / Poly1305. With 256 bit symmetric encryption strength it represents an alternative to the existing AES-based algorithms for JWE - A256CBC-HS512 and A256GCM. ChaCha20 allows for efficient implementation in software and applications on constrained devices that lack dedicated CPU instructions for AES may achieve performance and power saving advantages by switching to XC20P.

A complete list of the JWS and JWE algorithms the Connect2id server currently supports is available in the datasheet.

Here is an example OpenID relying party registration to receive ID tokens and UserInfo responses signed with EdDSA. The client registration guide has more examples.

POST /clients HTTP/1.1
Host: demo.c2id.com
Authorization: Bearer ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6
Content-Type: application/json

{
  "redirect_uris"                : [ "https://client.example.org/callback" ],
  "id_token_signed_response_alg" : "EdDSA",
  "userinfo_signed_response_alg" : "EdDSA"
}

The new JWS and JWE algorithms are already implemented in the open source Nimbus JOSE+JWT library for Java. There are helpful examples how to deal with those algorithms on the client side:

• JWT with ES256K signature

• JWT with EdDSA / Ed25519 signature

• RSA-based public encryption of JWTs

• JWE with XChaCha20 / Poly 1305 (XC20P) authenticated content encryption

Download

Standard Connect2id server edition

Apache Tomcat package with Connect2id server 12.4: Connect2id-server.zip

SHA-256: f4f7088808e660b30c74ba2050aa2965698b8d8a27e4d2bf84d44cff4b956ded

Connect2id server 12.4 WAR package: c2id.war

SHA-256: 7996fbd1b19dd15b1dfc44113676cd80915d0c77e90d0f66f06598828cb04b03

Multi-tenant edition

Apache Tomcat package with Connect2id server 12.4: Connect2id-server-mt.zip

SHA-256: d3c18c0144ae60b5c9ff71014511995797cf096aeb98c0aa91328f5dfe88e541

Connect2id server 12.4 WAR package: c2id-multi-tenant.war

SHA-256: 52c12ab1a5d9f6969d5d92e2567a2ce4e8b48201cbb7af87e174d137fa80970e

Questions?

Contact Connect2id support.

---

Release notes

12.4 (2021-10-27)

Summary

• Expands the cryptographic capabilities of the Connect2id server with the ES256K algorithm for JWS, RSA-OAEP-384 and RSA-OAEP-512 for JWE and XC20P (extended nonce ChaCha20 / Poly1305) as JWE encryption method. The ES256K and EdDSA (with 25519 curve) JWS algorithms can now be used to sign ID tokens, UserInfo responses and authorisation responses (JARM). JWT-encoded access tokens can now be signed with the ES256, ES256K, ES384 and ES512 JWS algorithms.

  Specifications:

  • ES256K: https://datatracker.ietf.org/doc/html/rfc8812#section-3.1
  • RSA-OAEP-384 and RSA-OAEP-512: https://www.w3.org/TR/WebCryptoAPI/
  • XC20P: https://datatracker.ietf. org/doc/html/draft-amringer-jose-chacha-02#section-4.1

Configuration

• /WEB-INF/jwkSet.json

  • Adds support for including an optional signing JSON Web Key (JWK) of type (kty) EC and with curve (crv) secp256k1 for performing signatures with the ES256K JWS algorithm.

• /WEB-INF/oidcProvider.properties

  • op.token.authJWSAlgs -- Adds token endpoint private_key_jwt client authentication support for the ES256K JWS algorithm.

  • op.authz.requestJWSAlgs -- Adds request object / JAR support for the ES256K JWS algorithm.

  • op.authz.requestJWEAlgs -- Adds request object / JAR support for the RSA-OAEP-384 and RSA-OAEP-512 JWE algorithms.

  • op.authz.requestJWEEncs -- Adds request object / JAR support for the XC20P (extended nonce ChaCha20 / Poly1305) JWE encryption method .

  • op.authz.responseJWSAlgs -- Adds JARM support for the ES256K and EdDSA (with 25519 curve) JWS algorithms.

  • op.authz.responseJWEAlgs -- Adds JARM support for the RSA-OAEP-384 and RSA-OAEP-512 JWE algorithms.

  • op.authz.responseJWEEncs -- Adds JARM support for the XC20P (extended nonce ChaCha20 / Poly1305) JWE encryption method.

  • op.idToken.jwsAlgs -- Adds ID token support for the ES256K and EdDSA (with 25519 curve) JWS algorithms.

  • op.idToken.jweAlgs-- Adds ID token support for the RSA-OAEP-384 and RSA-OAEP-512 JWE algorithms.

  • op.idToken.jweEncs -- Adds ID token support for the XC20P (extended nonce ChaCha20 / Poly1305) JWE encryption method.

  • op.userinfo.jwsAlgs -- Adds UserInfo JWT response support for the ES256K and EdDSA (with 25519 curve) JWS algorithms.

  • op.userinfo.jweAlgs -- Adds UserInfo JWT response support for the RSA-OAEP-384 and RSA-OAEP-512 JWE algorithms.

  • op.userinfo.jweEncs -- Adds UserInfo JWT response support for the XC20P (extended nonce ChaCha20 / Poly1305) JWE encryption method.

• /WEB-INF/authzStore.properties

  • authzStore.accessToken.jwsAlgorithm -- Adds support for signing self-contained (JWT) access tokens with the ES256, ES256K, ES384 and ES512 JWS algorithms.

  • authzStore.accessToken.jweMethod -- Adds support for direct encryption of self-contained (JWT-encoded) access tokens with the XC20P (extended nonce ChaCha20 / Poly1305) JWE encryption method.

Resolved issues

• Updates the HTTP claims source connector to include an "Accept: application/json" HTTP header in the outgoing requests (issue httpcs/1).

• Updates the AS0213 log INFO message to include the type of the introspected access token (issue server/692).

• Updates the SE3000 log INFO message to indicate when a X.509 certificate is present for a loaded server JWK (issue server/694).

Dependency changes

• Upgrades to com.nimbusds:oauth2-oidc-sdk:9.19

• Updates to com.nimbusds:oauth2-authz-store:17.6

• Updates to com.nimbusds:oauth2-session-store:14.7

• Upgrades to com.nimbusds:c2id-server-jwkset:1.24

• Updates to com.nimbusds:nimbus-jwkset-loader:5.2

• Updates to com.nimbusds:nimbus-jose-jwt:9.15.2

• Updates to com.nimbusds:oidc-claims-source-http:2.2