JCA design for RFC 7748

Xuelei Fan xuelei.fan at oracle.com
Tue Aug 8 19:42:33 UTC 2017


On 8/8/2017 8:45 AM, Anders Rundgren wrote:
> On 2017-08-08 17:25, Adam Petcher wrote:
> 
>> It sounds like what you are saying is
>> that I will need something like XDHPublicKey and XDHPrivateKey in
>> java.security.interfaces. Can you tell me why? What is it that we can't
>> do without these interfaces?
> 
> Every JOSE Java library I have seen constructs and deconstructs RSA and 
> EC keys
> based on JWK definitions.  Maybe we don't need XDH keys but it would be 
> nice to
> hear what the solution would be without such.
> 
> Then there's lot of stuff out there like this which also needs some
> explanations on how to enhance with RFC7748 on board:
> 
> Object myOwnEncrypt(PublicKey publicKey) throws SecurityException {
>     if (publicKey instanceof RSAKey) {
>       // RSA
>     } else {
>       // It should be EC
>     }
> }
> 
The code above is not reliable unless one understand the underlying 
JCA/JCE provider behavior exactly this way.  For a certain provider, an 
RSA key may be not an instance of RSAKey.  I would use 
key.getAlgorithm() instead.

Xuelei

> CC:ing the creator of OKP keys.
> 
> https://tools.ietf.org/html/rfc8037#section-2
> 
> Anders



More information about the security-dev mailing list