Draft design for Key Derivation API

Jamil Nimeh jamil.j.nimeh at oracle.com
Fri Nov 3 20:59:34 UTC 2017


Hello all,

This is a review request for the draft of a new Key Derivation API.  The 
goal of this API will be to provide a framework for KDF algorithms like 
HKDF, TLS-PRF, PBKDF2 and so forth to be publicly accessible.  We also 
plan to provide an SPI that let 3rd parties create their own 
implementations of KDFs in their providers, rather than trying to force 
them into KeyGenerators, SecretKeyFactories and the like.

Rather than stuff this email full of the specification text (since it is 
likely to get quite a few iterations of comments and 
comments-to-comments), I have placed the API both in simple text form 
and as a Javadoc at the following locations:

spec: http://cr.openjdk.java.net/~jnimeh/reviews/kdfspec/kdfspec.01.txt

javadoc: http://cr.openjdk.java.net/~jnimeh/reviews/kdfspec/javadoc.01/

They're both the same content, just use whichever is friendlier for your 
eyes.

In addition, I have opened up the JEP as well:

https://bugs.openjdk.java.net/browse/JDK-8189808

Thanks to those who have contributed to very early internal drafts of 
this so far, and thanks in advance to those who will be contributing 
comments going forward.

--Jamil





More information about the security-dev mailing list