...

Java 7 or higher is recommended in most cases.

JWE:

Java 6 does not support the JWE AES GCM key wrap and content encryption algorithms (and with BouncyCastle it is not possible to submit JWE Header properties as an extra input to the encryption process to get them integrity protected). However, with Java 6 one can use AesCbcHmac content encryption if BouncyCastle is installed.

The Unlimited JCE Policy for Java 7/8/9 needs to be installed if the size of the encryption key is 256 bits (for example, JWE A256GCM).
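Both runtime constraints above can be checked with the JDK alone. The following is an added example, not code from the CXF project: it tests whether the installed JCE policy permits 256-bit AES, then runs an A256GCM-style encryption in which the protected header is passed as additional authenticated data, so a modified header makes decryption fail. The class name JweRuntimeCheck, the sample header and the plaintext are constructed, and Java 8 or later is assumed for java.util.Base64.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class JweRuntimeCheck {
    // Constructed sample protected header, not taken from the CXF documentation.
    static final String HEADER = "{\"alg\":\"dir\",\"enc\":\"A256GCM\"}";

    // True when the installed JCE policy permits 256-bit AES keys.
    static boolean allows256BitAes() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") >= 256;
    }

    // JWE AAD is ASCII(BASE64URL(UTF8(protected header))), per RFC 7516.
    static byte[] aad(String headerJson) {
        String b64 = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(headerJson.getBytes(StandardCharsets.UTF_8));
        return b64.getBytes(StandardCharsets.US_ASCII);
    }

    // AES-GCM with a 128-bit tag; the header is authenticated but not encrypted.
    static byte[] gcm(int mode, byte[] key, byte[] iv, String header, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        c.updateAAD(aad(header));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        if (!allows256BitAes()) {
            System.out.println("256-bit AES not permitted: install the Unlimited JCE Policy or use A128GCM");
            return;
        }
        SecureRandom rnd = new SecureRandom();
        byte[] cek = new byte[32]; rnd.nextBytes(cek);   // 256-bit content-encryption key
        byte[] iv = new byte[12]; rnd.nextBytes(iv);     // 96-bit IV, fresh per encryption
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, cek, iv, HEADER, "sample".getBytes(StandardCharsets.UTF_8));
        byte[] pt = gcm(Cipher.DECRYPT_MODE, cek, iv, HEADER, ct);
        System.out.println("round trip: " + new String(pt, StandardCharsets.UTF_8));
        try {   // Same ciphertext, header changed after encryption: the tag check must fail.
            gcm(Cipher.DECRYPT_MODE, cek, iv, HEADER.replace("A256GCM", "A128GCM"), ct);
            System.out.println("tampered header accepted (unexpected)");
        } catch (AEADBadTagException e) {
            System.out.println("tampered header rejected");
        }
    }
}
```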

JWS:

Java 6 should also be fine, but note that only CXF 3.0.x can be run with Java 6.

...

| Algorithm | JWE Header 'alg' | KeyEncryptionProvider | KeyDecryptionProvider |
|---|---|---|---|
| RSAES-PKCS1-v1_5 | RSA1_5 | RSAKeyEncryptionAlgorithm | RSAKeyDecryptionAlgorithm |
| RSAES OAEP | RSA-OAEP, RSA-OAEP-256 | RSAKeyEncryptionAlgorithm | RSAKeyDecryptionAlgorithm |
| AES Key Wrap | A128KW, A192KW, A256KW | AesKeyWrapEncryptionAlgorithm | AesKeyWrapDecryptionAlgorithm |
| Direct | dir | DirectKeyEncryptionAlgorithm | DirectKeyDecryptionAlgorithm |
| ECDH-ES Key Wrap | ECDH-ES+A128KW (+A192KW, +256KW) | EcdhAesWrapKeyEncryptionAlgorithm | EcdhAesWrapKeyDecryptionAlgorithm |
| ECDH-ES Direct | ECDH-ES | EcdhDirectKeyJweEncryption | EcdhDirectKeyJweDecryption |
| AES-GCM Key Wrap | A128GCMKW, A192GCMKW, A256GCMKW | AesGcmWrapKeyEncryptionAlgorithm | AesGcmWrapKeyDecryptionAlgorithm |
| PBES2 | PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW | PbesHmacAesWrapKeyEncryptionAlgorithm | PbesHmacAesWrapKeyDecryptionAlgorithm |

...

RSA-OAEP algorithms are likely to be used most often at the moment due to existing JKS stores being available everywhere and a relatively easy way of making the public validation keys available.

BouncyCastle is required if you use AES Key Wrap, AES-GCM Key Wrap or PBES2 key encryption.

ContentEncryptionProvider supports encrypting a generated content-encryption key; ContentDecryptionProvider supports decrypting it.

...

All of the above providers can be initialized with the keys loaded from JWK or Java JKS stores or from the in-memory representations.

BouncyCastle is required if you use AES_CBC_HMAC content encryption.

Once you have decided which key and content encryption algorithms need to be supported, you can initialize JweEncryptionProvider and JweDecryptionProvider, which do the actual JWE encryption/decryption work by coordinating with the key and content encryption providers. CXF ships JweEncryption (JweEncryptionProvider) and JweDecryption (JweDecryptionProvider) helpers: simply pass them the preferred key and content encryption providers and have the content encrypted or decrypted.

...