Draft design for Key Derivation API
Adam Petcher
adam.petcher at oracle.com
Mon Nov 20 16:09:50 UTC 2017

On 11/19/2017 3:15 PM, Michael StJohns wrote:
>
>> That behavior all sounds reasonable, I just have doubts that this
>> belongs in the spec. Are you expecting KeyDerivation to contain the
>> logic in your last paragraph? Something like this:
>>
>> <snip>
>>
>>
> KDFs are somewhat problematic in that *_they may not necessarily be
> producing objects from their own provider_*. This unfortunately isn't
> obvious, but let me try and explain.
>
> <snip>

Your response didn't contain a direct answer to my question above. If I
am interpreting your response correctly, then your answer is "Yes, and
we may need some additional information in DerivationParameterSpec (or
elsewhere) that controls this logic." Though I'm not sure I am
interpreting this correctly, so please let me know.

To be clear: I don't object to including the method that returns an
Object produced by a KDF. I'm specifically asking about the requirement
that this class of objects has a (byte[] int) constructor, and how that
constructor is expected to be used.