RFR: 8328119: Support HKDF in SunPKCS11 (Preview) [v6]
Weijun Wang
weijun at openjdk.org
Thu Dec 19 00:14:36 UTC 2024
On Wed, 18 Dec 2024 23:31:55 GMT, Martin Balao <mbalao at openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java line 737:
>>
>>> 735: m(CKM_CHACHA20_POLY1305));
>>> 736: d(SKF, "Generic", P11SecretKeyFactory,
>>> 737: m(CKM_GENERIC_SECRET_KEY_GEN));
>>
>> How useful is this? Is it only used to import a "Generic" `SecretKeySpec` into a token? I see it's used in the test when adding a key. Can you simply add the `SecretKeySpec` key there?
>
> Generic is a native PKCS11 key type (`CKK_GENERIC_SECRET`) that could have been added to SunPKCS11 before, irrespective of HKDF. It's convenient for the test to have key material in the token and test consolidation (IKM or salt).
Do you think we can add it to the Java Security Standard Names document?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22215#discussion_r1890976078
More information about the core-libs-dev
mailing list