RFR: 8377506: Implementation of PEM Encodings of Cryptographic Objects [v2]

Sean Mullan mullan at openjdk.org
Fri Feb 20 15:10:35 UTC 2026 

On Fri, 20 Feb 2026 01:32:39 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> Please review the finalized PEM API at https://openjdk.org/jeps/8360563. The most significant changes from the second preview, JEP 524 (https://openjdk.org/jeps/524), include:
>> 
>> - `PEM` is changed from a record to a class, with content stored in binary form and data defensively copied.
>> - `DEREncodable` is renamed to `BinaryEncodable` to more accurately reflect the binary data stored in PEM text.
>> - In `EncryptedPrivateKeyInfo`, the `encrypt` methods now accept `BinaryEncodable`, and the `getKey()` and `getKeyPair()` methods no longer include a `Provider` parameter.
>> - A new `CryptoException` indicates failures during cryptographic processing at runtime.
>> 
>> thanks
>
> Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision:
> 
>   review comments

src/java.base/share/classes/java/security/PEM.java line 76:

> 74:  */
> 75: 
> 76: final public class PEM implements BinaryEncodable {

I think the order should be "public final".

src/java.base/share/classes/java/security/PEMDecoder.java line 514:

> 512:      * Returns a copy of this {@code PEMDecoder} that decodes and decrypts
> 513:      * encrypted private keys using the specified password.
> 514:      * Unencrypted PEM can also be decoded by the returned instance

Missing period.

src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 347:

> 345:      * Specification.
> 346:      *
> 347:      * @param de the {@code BinaryEncodable} to encrypt. Supported types include

Change variable name to `be`.

src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 392:

> 390:      * password-based encryption (PBE) algorithm and provider are used.
> 391:      *
> 392:      * @param de the {@code BinaryEncodable} to encrypt. Supported types include

Change variable name to be.

src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 426:

> 424:      * Specification.
> 425:      *
> 426:      * @param de the {@code BinaryEncodable} to encrypt. Supported types include

Change variable name to be.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/29640#discussion_r2833666554
PR Review Comment: https://git.openjdk.org/jdk/pull/29640#discussion_r2833557059
PR Review Comment: https://git.openjdk.org/jdk/pull/29640#discussion_r2833246705
PR Review Comment: https://git.openjdk.org/jdk/pull/29640#discussion_r2833253745
PR Review Comment: https://git.openjdk.org/jdk/pull/29640#discussion_r2833255134

More information about the core-libs-dev mailing list