RFR: 5066842: PKCS8EncodedKeySpec needs getAlgorithm method

Weijun Wang weijun at openjdk.org
Thu Sep 1 23:37:34 UTC 2022


On Thu, 1 Sep 2022 23:30:40 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> Since the algorithm is already encoded inside a PKCS #8 data block, it is not necessary to provide an algorithm when a `PKCS8EncodedKeySpec` object is created. The same for `X509EncodedKeySpec`.
>
> src/java.base/share/classes/java/security/spec/PKCS8EncodedKeySpec.java line 73:
> 
>> 71:      * it will be returned. Otherwise, the object identifier inside the `privateKeyAlgorithm`
>> 72:      * field is returned in its string format (For example, "1.3.14.7.2.1.1").
>> 73:      * If the encoded key cannot be parsed correctly, the algorithm will be null.
> 
> Is this that OID format last week we talked about with passing algorithms we don't know to another provider?

Yes, if it's unknown. I plan to implement this with `AlgorithmId.parse(privateKeyAlgorithm).getName()`.

-------------

PR: https://git.openjdk.org/jdk/pull/10131


More information about the security-dev mailing list