JCA design for RFC 7748
Xuelei Fan
xuelei.fan at oracle.com
Tue Aug 8 19:42:33 UTC 2017
On 8/8/2017 8:45 AM, Anders Rundgren wrote:
> On 2017-08-08 17:25, Adam Petcher wrote:
>
>> It sounds like what you are saying is
>> that I will need something like XDHPublicKey and XDHPrivateKey in
>> java.security.interfaces. Can you tell me why? What is it that we can't
>> do without these interfaces?
>
> Every JOSE Java library I have seen constructs and deconstructs RSA and
> EC keys
> based on JWK definitions. Maybe we don't need XDH keys but it would be
> nice to
> hear what the solution would be without such.
>
> Then there's lot of stuff out there like this which also needs some
> explanations on how to enhance with RFC7748 on board:
>
> Object myOwnEncrypt(PublicKey publicKey) throws SecurityException {
> if (publicKey instanceof RSAKey) {
> // RSA
> } else {
> // It should be EC
> }
> }
>
The code above is not reliable unless one understand the underlying
JCA/JCE provider behavior exactly this way. For a certain provider, an
RSA key may be not an instance of RSAKey. I would use
key.getAlgorithm() instead.
Xuelei
> CC:ing the creator of OKP keys.
>
> https://tools.ietf.org/html/rfc8037#section-2
>
> Anders
More information about the security-dev
mailing list