RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v11]

Kevin Driver kdriver at openjdk.org
Fri Aug 30 23:26:12 UTC 2024


On Fri, 16 Aug 2024 17:51:03 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> We use SecretKey, because sometimes the raw bytes may not be available to us, for example if it's a hardware key.
>
> Well, you can't handle this case and throws InvalidKeyException when there are such keys. When concatenating key objects, you accessed the raw bytes one by one and then used the resulting bytes to create a SecretKey object, which is unnecessary...
> I've tried making the "SecretKey" to "byte[]" change for `inputKeyMaterial` and `salt` in my local workspace and it simplifies the code.

See: https://github.com/openjdk/jdk/pull/20301/commits/25c17b26231b2b63bab9193fe29c7c258f96a31f

>> See above comment.
>
> Well, the hardware keys reason doesn't apply. I am referring to the type of `inputKeyMaterial` and `salt`, not `ikms` and `salts`.

See: https://github.com/openjdk/jdk/pull/20301/commits/25c17b26231b2b63bab9193fe29c7c258f96a31f

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1739512304
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1739512278