JEP draft: PEM API (Preview)
Anthony Scarpino
anthony.scarpino at oracle.com
Fri Nov 17 19:50:58 UTC 2023
On 11/16/23 5:36 PM, Bernd Eckenfels wrote:
> Anthony Scarpino wrote on 16. Nov 2023 23:47 (GMT +01:00):
>> Hi all,
>>
>> We are proposing to add an API for PEM and a foundation for other
>> crypto encoding.
>
> I like the modularity and that you do not try to squeeze it into the
> existing services.
>
> I wonder if you should also allow to set comment or generally text
> headers when encoding and for decoding if you need access to the
> comment.
>
> There are some variants like „BEGIN PUBLiC SSH KEY“ maybe the JEP
> should list the ones which are accepted
>
> Does the encoder need to make the line configurable?
PEMEncoder/PEMDecoder support PKCS8 and X509, as those are the binary
encodings the JDK JCE providers support.
Other encodings, like SSH, OpenSSL, or JOSE, would be implemented in a
separate classes implementing Encoder<T> and Decoder<T>. Those classes
could parses the headers, footers, and binary encodings.
A single class parsing all encodings was too complicated. Allowing
developers to implement other Encoders/Decoders provides for
customization and potentially contributions back to the JDK.
> Should initial version already support PQC keys?
It depends if PQC Key classes are availability by PEM integration.
Tony
More information about the security-dev
mailing list