JDK 8 does not comply with RFC 5915
Michael StJohns
mstjohns at comcast.net
Mon Jun 26 15:58:08 UTC 2017
On 6/25/2017 2:21 AM, Anders Rundgren wrote:
> During the work with https://github.com/cyberphone/java-cfrg-spec I
> had to look at the PKCS #8 spec as well.
> It turns out that JDK 8 does not comply with RFC 5915's SHOULD since
> EC private keys created by KeyPairGenerator do not contain public key
> info when getEncoded().
> I didn't check PKCS #8 de-serialization and serialization but I guess
> it doesn't work for that either.
>
> This is by no means serious, but differs from BouncyCastle as well as
> OpenSSL.
>
> Anders
Umm... SHOULD is not a MUST - JDK8 does comply with the RFC, it just
doesn't provide the "convenient" field:
> The publicKey
> field can be omitted when the public key has been distributed via
> another mechanism, which is beyond the scope of this document.
> Given the private key and the parameters, the public key can
> always be recomputed; this field exists as a convenience to the
> consumer.
I always thought that RFC5915 should have specified "MAY" there
instead. The main reason is that its trivial to reconstitute the
public key from the private key so there is mostly no need to keep the
two together and the actual text suggested as much.
Ideally, there should be a way to control what gets included in the
encoding - but the "getEncoded()" method doesn't permit an argument for
format.
Later, Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20170626/49ac2c6b/attachment.htm>
More information about the security-dev
mailing list