RFR: 8328119: Support HKDF in SunPKCS11 (Preview) [v8]
Martin Balao
mbalao at openjdk.org
Fri Dec 20 01:35:47 UTC 2024
On Fri, 20 Dec 2024 00:58:31 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> > there will be part of the functionality difficult or impossible to use and untested.
>
> Show me a case that is impossible with this factory. IIUC, the only usage of this factory is to convert a `SecretKeySpec` to a P11 key. Why need this step if your new HKDF and existing HMac impl already accept `SecretKeySpec`?
>
> Do you want to store that key inside the token for a while before feeding it to HKDF?
Yes, you can create and re-use keys in the token for salts, IKMs, hmacs instead of creating new ones with conversion from SecretKeySpecs. It's not really different than other key types for which we have a factory, with the difference that _Generic_ is more flexible in terms of the key length for example.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/22215#issuecomment-2556083668
More information about the security-dev
mailing list