Withdrawn: 8347938: Switch to latest ML-KEM private key encoding
duke
duke at openjdk.org
Tue Apr 1 01:19:30 UTC 2025
On Thu, 30 Jan 2025 22:00:07 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> The private key encoding formats of ML-KEM and ML-DSA are updated to match the latest IERTF drafts at: https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-06 and https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-certificates-07. Most importantly, the seed used to generate a key pair is now stored in the private key.
>
> Both the seed and the expanded format are stored inside a `NamedPKCS8Key` now. When loading from a PKCS #8 key that contains the seed, both fields will be filled. If the PKCS #8 encoding only contains the expanded key (which does not conform to the current drafts but might have been created earlier), the expanded key will be read and used in KEM and signature operations.
This pull request has been closed without being integrated.
-------------
PR: https://git.openjdk.org/jdk/pull/23376
More information about the security-dev
mailing list