JDK 8 does not comply with RFC 5915
Anders Rundgren
anders.rundgren.net at gmail.com
Sun Jun 25 06:21:08 UTC 2017
During the work with https://github.com/cyberphone/java-cfrg-spec I had to look at the PKCS #8 spec as well.
It turns out that JDK 8 does not comply with RFC 5915's SHOULD since EC private keys created by KeyPairGenerator do not contain public key info when getEncoded().
I didn't check PKCS #8 de-serialization and serialization but I guess it doesn't work for that either.
This is by no means serious, but differs from BouncyCastle as well as OpenSSL.
Anders
More information about the security-dev
mailing list