RFR: 8341346: Add support for exporting TLS Keying Material [v12]
Sean Mullan
mullan at openjdk.org
Fri May 16 16:52:53 UTC 2025
On Thu, 15 May 2025 19:41:16 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> From a previous comment:
>>
>> IIUC, the exported keying material can be used for any purpose or algorithm, so we really can't make a good educated guess what it might be. They could be Keys (Ciphers), byte array/value challenges, or even just data that will be signed. This is just doing a quick read of some of the IANA definitions which link to some of the known use cases:
>>
>> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels
>
> Personally, I would like to give the user the chance to specify the algorithm themselves. A "TlsExporterKeyingMaterial" key will not be accepted by an AES cipher. If you are not ready for this, I'd rather only provide the `exportKeyingMaterialData` method now.

How about adding a `String alg` parameter to `exportKeyingMaterialKey` like in the `KDF.deriveKey` API?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2093387401