fix: only add y to the epk header parameter when EC keys are used

fixes #348

src/lib/encrypt_key_management.ts

@@ -4,7 +4,12 @@ import { encrypt as pbes2Kw } from '../runtime/pbes2kw.js'
 import { encrypt as rsaEs } from '../runtime/rsaes.js'
 import { encode as base64url } from '../runtime/base64url.js'
 
-import type { KeyLike, JWEKeyManagementHeaderParameters, JWEHeaderParameters } from '../types.d'
+import type {
+  KeyLike,
+  JWEKeyManagementHeaderParameters,
+  JWEHeaderParameters,
+  JWK,
+} from '../types.d'
 import generateCek, { bitLength as cekLength } from '../lib/cek.js'
 import { JOSENotSupported } from '../util/errors.js'
 import { exportJWK } from '../key/export.js'
@@ -23,7 +28,7 @@ async function encryptKeyManagement(
   parameters?: JWEHeaderParameters
 }> {
   let encryptedKey: Uint8Array | undefined
-  let parameters: JWEHeaderParameters | undefined
+  let parameters: (JWEHeaderParameters & { epk?: JWK }) | undefined
   let cek: KeyLike | Uint8Array
 
   checkKeyType(alg, key, 'encrypt')
@@ -56,7 +61,8 @@ async function encryptKeyManagement(
         apu,
         apv,
       )
-      parameters = { epk: { x, y, crv, kty } }
+      parameters = { epk: { x, crv, kty } }
+      if (kty === 'EC') parameters.epk!.y = y
       if (apu) parameters.apu = base64url(apu)
       if (apv) parameters.apv = base64url(apv)