Please review EdDSA API
Adam Petcher
adam.petcher at oracle.com
Wed Jul 25 15:07:53 UTC 2018
+core-libs-dev for additional API expertise.
On 7/25/2018 10:29 AM, Adam Petcher wrote:
> The draft CSR[1] for the EdDSA API[2] is ready for review. Please take
> a look and send me any feedback you may have. Here are a few
> high-level notes to explain the API:
>
> 1) Where possible, this API is similar to the API for X25519/X448. To
> get the complete background/motivation for the API design, you can
> review the discussion[3] on this topic.
> 2) Similar to X25519/X448, private keys are byte arrays, and public
> keys coordinates. Though we can't get by with a single BigInteger
> coordinate for EdDSA, so I am using the new EdPoint class to hold the
> coordinates.
> 3) EdDSA has multiple signature modes defined in the RFC[4], including
> some that "prehash" the input before signing. The draft API uses the
> EdDSAParameterSpec class to specify parameters of these modes. The
> standard does not allow an arbitrary choice of prehash function, so
> the API for EdDSA does not support algorithm names like
> "SHA256withEdDSA".
>
> [1] https://wiki.openjdk.java.net/display/csr/Main
> [2] https://bugs.openjdk.java.net/browse/JDK-8190219
> [3] http://mail.openjdk.java.net/pipermail/security-dev/2017-September/016325.html
> [4] https://tools.ietf.org/html/rfc8032
>
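The three notes above, illustrated as an added example that is not part of the original message or the draft CSR. It assumes the class and algorithm names under which the API later shipped in JDK 15 (`EdECPoint`, `EdECPublicKey`, `EdECPrivateKey`, algorithm name "Ed25519"), which differ from the draft's `EdPoint`; the message and context values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.EdECPrivateKey;
import java.security.interfaces.EdECPublicKey;
import java.security.spec.EdDSAParameterSpec;
import java.security.spec.EdECPoint;

public class EdDsaModes {
    static byte[] sign(PrivateKey key, EdDSAParameterSpec mode, byte[] msg) throws GeneralSecurityException {
        Signature s = Signature.getInstance("Ed25519");
        s.initSign(key);
        s.setParameter(mode); // the mode is a parameter, not part of the algorithm name
        s.update(msg);
        return s.sign();
    }

    static boolean verify(PublicKey key, EdDSAParameterSpec mode, byte[] msg, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("Ed25519");
        s.initVerify(key);
        s.setParameter(mode);
        s.update(msg);
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair kp = KeyPairGenerator.getInstance("Ed25519").generateKeyPair();

        // Note 2: the private key is a byte array, the public key a point (x parity bit plus y).
        byte[] priv = ((EdECPrivateKey) kp.getPrivate()).getBytes().orElseThrow();
        EdECPoint pub = ((EdECPublicKey) kp.getPublic()).getPoint();
        System.out.println("private key bytes: " + priv.length);
        System.out.println("public point: xOdd=" + pub.isXOdd() + ", y=0x" + pub.getY().toString(16));

        // Note 3: the RFC 8032 modes are selected with EdDSAParameterSpec.
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] ctx = "constructed-context".getBytes(StandardCharsets.UTF_8);
        EdDSAParameterSpec pure = new EdDSAParameterSpec(false);
        EdDSAParameterSpec prehash = new EdDSAParameterSpec(true, ctx);

        byte[] sigPh = sign(kp.getPrivate(), prehash, msg);
        System.out.println("prehash sig, prehash verifier: " + verify(kp.getPublic(), prehash, msg, sigPh));
        // A verifier configured for a different mode must not accept the same signature.
        System.out.println("prehash sig, pure verifier:    " + verify(kp.getPublic(), pure, msg, sigPh));

        // The prehash function is fixed by the standard, so no digest-prefixed name is registered.
        try {
            Signature.getInstance("SHA256withEdDSA");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("SHA256withEdDSA: " + e.getMessage());
        }
    }
}
```

Signer and verifier have to agree on the prehash flag and context out of band, since neither is carried in the signature bytes.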