JDK's XECPublicKey.getEncoded() deviates from RFC8410

Anders Rundgren anders.rundgren.net at gmail.com
Thu Sep 3 08:49:37 UTC 2020


Being an early adopter has its challenges...
https://github.com/cyberphone/openkeystore/blob/master/library/test/org/webpki/crypto/Jdk15XdhSerializationBug.java

   This test program verifies that JDK 11 - JDK 15 according to section 3 of
   RFC 8410 incorrectly add an ASN.1 "NULL" to the AlgorithmIdentifier of
   XDH public keys.  See line 9: below.
    0: SEQUENCE
         {
    2:     SEQUENCE
             {
    4:         OBJECT IDENTIFIER X25519 (1.3.101.110)
    9:         NULL
             }
   11:     BIT STRING, 32 bytes
       0000: 2f 97 25 02 da af 6b dc 0e e6 67 39 25 f2 f0 fe '/.%...k...g9%...'
       0010: 03 b0 24 09 3c f0 fc ef 3c 23 12 46 3d 5c 8e 15 '..$.<...<#.F=\..'
         }


This is not a showstopper since BC remains a compliant alternative. However, for EcDSA and EXH, BC and JDK are incompatible at the java source level.
If this is accepted as a bug, I hope you will also revisit the (compared to EdDSA keys), unnecessarily quirky use of AlgorithmParameterSpec.

Thanx,
Anders



More information about the security-dev mailing list