RFR: 5066842: PKCS8EncodedKeySpec needs getAlgorithm method

Anthony Scarpino ascarpino at openjdk.org
Thu Sep 1 23:37:33 UTC 2022


On Thu, 1 Sep 2022 23:25:16 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Since the algorithm is already encoded inside a PKCS #8 data block, it is not necessary to provide an algorithm when a `PKCS8EncodedKeySpec` object is created. The same for `X509EncodedKeySpec`.

src/java.base/share/classes/java/security/spec/EncodedKeySpec.java line 109:

> 107:      * If this object is created with {@link #EncodedKeySpec(byte[])}, this method in
> 108:      * this base class returns {@code null}. A child class may parse the content of the encoded
> 109:      * key and return its algorithm name if one can be recovered.

Personally I think it sounds better to say "key and return its algorithm name if it can be determined."

src/java.base/share/classes/java/security/spec/PKCS8EncodedKeySpec.java line 73:

> 71:      * it will be returned. Otherwise, the object identifier inside the `privateKeyAlgorithm`
> 72:      * field is returned in its string format (For example, "1.3.14.7.2.1.1").
> 73:      * If the encoded key cannot be parsed correctly, the algorithm will be null.
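
Review bot: on line 71 the field name is written as `privateKeyAlgorithm` in backticks, while the EncodedKeySpec text quoted above uses {@code null}; backticks are not markup in a traditional Javadoc comment, so use {@code privateKeyAlgorithm} here and {@code null} for the bare "null" on line 73. On line 72 the parenthetical opens mid-sentence with a capital ("(For example, ..."); lowercase it or move the example into its own sentence.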

Is this that OID format last week we talked about with passing algorithms we don't know to another provider?

-------------

PR: https://git.openjdk.org/jdk/pull/10131
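
The behaviour discussed in this thread (return the `privateKeyAlgorithm` object identifier in string form, or null when the encoding cannot be parsed) can be illustrated with a small DER walk. This is an added example, not code from the PR or the JDK; the class and method names are hypothetical, and it assumes definite-length DER with lengths of at most three bytes.

```java
import java.nio.ByteBuffer;
import java.security.KeyPairGenerator;
// Added example; class and method names are hypothetical, not JDK code.
public class Pkcs8AlgorithmOid {
    // Consumes one DER header with the expected tag and returns the content length.
    private static int header(ByteBuffer in, int tag) {
        if ((in.get() & 0xff) != tag) throw new IllegalArgumentException("unexpected tag");
        int len = in.get() & 0xff;
        if (len >= 0x80) {                      // long form: low 7 bits count the length bytes
            int n = len & 0x7f;
            if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
            for (len = 0; n > 0; n--) len = (len << 8) | (in.get() & 0xff);
        }
        if (len > in.remaining()) throw new IllegalArgumentException("truncated");
        return len;
    }
    // Returns the privateKeyAlgorithm OID in dotted form, or null if parsing fails.
    static String algorithmOid(byte[] pkcs8) {
        try {
            ByteBuffer in = ByteBuffer.wrap(pkcs8);
            header(in, 0x30);                   // PrivateKeyInfo SEQUENCE
            int versionLen = header(in, 0x02);  // version INTEGER
            in.position(in.position() + versionLen);
            header(in, 0x30);                   // privateKeyAlgorithm SEQUENCE
            int oidLen = header(in, 0x06);      // algorithm OBJECT IDENTIFIER
            StringBuilder oid = new StringBuilder();
            long arc = 0;
            int b = 0x80;                       // stays "unterminated" if the OID is empty
            for (int i = 0; i < oidLen; i++) {
                b = in.get() & 0xff;
                arc = (arc << 7) | (b & 0x7f);  // base-128 digits, high bit means more follow
                if ((b & 0x80) != 0) continue;
                if (oid.length() == 0) {        // first subidentifier packs the first two arcs
                    long top = Math.min(arc / 40, 2);
                    oid.append(top).append('.').append(arc - 40 * top);
                } else oid.append('.').append(arc);
                arc = 0;
            }
            return (b & 0x80) == 0 ? oid.toString() : null;  // reject an unterminated arc
        } catch (RuntimeException e) {          // wrong tag, bad length or truncated input
            return null;
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] key = KeyPairGenerator.getInstance("EC").generateKeyPair().getPrivate().getEncoded();
        System.out.println(algorithmOid(key));                            // freshly generated key
        System.out.println(algorithmOid(new byte[] {0x30, 0x03, 0x02}));  // constructed, truncated
    }
}
```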


