RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v10]
Kevin Driver
kdriver at openjdk.org
Fri Aug 30 16:37:57 UTC 2024
On Tue, 13 Aug 2024 14:39:58 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java line 468:
>>
>>> 466: "com.sun.crypto.provider.HkdfKeyDerivation$HkdfSHA384");
>>> 467: ps("KDF", "HKDFWithHmacSHA512",
>>> 468: "com.sun.crypto.provider.HkdfKeyDerivation$HkdfSHA512");
>>
>> Have you considered names such as HKDFWithSHA256? The "Hmac" part is sort of implied by the HKDF (Hmac-based Key Derivation Function). This also better matches the names used in [RFC 8619](https://datatracker.ietf.org/doc/html/rfc8619 ) which defines OIDs for HKDF. Now that we are adding support for HKDF, maybe add these oids to KnownOIDs?
>
> @valeriepeng: @seanjmullan: @wangweij: There are `Cipher`s with this convention, namely: `PBEWithHmacSHA512/256AndAES_256` and many others. In addition, there are corresponding `AlgorithmParameters` and `SecretKeyFactory` declarations.
>
> I am not opposed to adopting the proposed convention -- just offering an alternate view.
>
> Replied with this same comment in another place where @valeriepeng mentioned this issue.
Addressed in https://github.com/openjdk/jdk/pull/20301/commits/6b7a75da2ebb1cc9d95628018d756e2ce2162768. Please review and confirm if resolved.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1739093990
More information about the security-dev
mailing list