RFR: 8325448: Hybrid Public Key Encryption [v14]
Weijun Wang
weijun at openjdk.org
Wed Apr 2 20:59:51 UTC 2025
On Wed, 2 Apr 2025 20:35:29 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/.
>> 
>
> Weijun Wang has updated the pull request incrementally with two additional commits since the last revision:
>
> - put encapsulation in params from getParameters
> - receiver must specify all algorithm identifiers
Now the receiver must provide all algorithm identifiers at cipher initialization. Calling `getParameters` on the sender side returns an `AlgorithmParameters` object which contains the actual `HPKEParameterSpec` object used, even the key encapsulation message (this message is still retrievable from `getIV`). In a real-world application, the sender would typically retrieve the `kem_id`, `kdf_id`, `aead_id`, key encapsulation message, (optionally) `psk_id`, and whether an auth-key is used from it, and send these to the receiver. There is no byte array encoding of this information defined yet. Maybe there will be one when HPKE is used in CMS. That said, even if there is one, it probably cannot be used to recover a whole `HPKEParameterSpec` object directly, as sensitive data like psk and auth-key are not likely to be included.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/18411#issuecomment-2773722258
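
Added example, not part of the original message or the JDK code: a Python sketch of the split described above, where the sender transmits only the public items and the receiver supplies the psk and the auth key material itself. The wire layout and all class and function names are hypothetical (the message notes that no encoding is defined yet); the mode values and the psk/psk_id consistency check follow RFC 9180.

```python
import struct
from dataclasses import dataclass

MODE_PSK, MODE_AUTH = 1, 2   # RFC 9180 modes: base=0, psk=1, auth=2, auth_psk=3
_FIXED = "!HHHBH"            # hypothetical layout: kem_id, kdf_id, aead_id, mode, len(enc)

@dataclass(frozen=True)
class PublicHeader:
    """Items the sender transmits; the psk and auth key never appear here."""
    kem_id: int
    kdf_id: int
    aead_id: int
    enc: bytes            # key encapsulation message
    psk_id: bytes = b""   # empty means no PSK is in use
    auth: bool = False    # True if the sender used an auth key

    def mode(self) -> int:
        return (MODE_PSK if self.psk_id else 0) | (MODE_AUTH if self.auth else 0)

    def encode(self) -> bytes:
        fixed = struct.pack(_FIXED, self.kem_id, self.kdf_id, self.aead_id,
                            self.mode(), len(self.enc))
        return fixed + self.enc + struct.pack("!H", len(self.psk_id)) + self.psk_id

def decode(buf: bytes) -> PublicHeader:
    kem_id, kdf_id, aead_id, mode, n = struct.unpack_from(_FIXED, buf, 0)
    off = struct.calcsize(_FIXED)
    enc, off = buf[off:off + n], off + n
    (m,) = struct.unpack_from("!H", buf, off)
    psk_id = buf[off + 2:off + 2 + m]
    if len(enc) != n or off + 2 + m != len(buf):
        raise ValueError("truncated or trailing bytes")
    if mode > 3 or bool(mode & MODE_PSK) != bool(psk_id):
        raise ValueError("mode does not match psk_id")
    return PublicHeader(kem_id, kdf_id, aead_id, enc, psk_id, bool(mode & MODE_AUTH))

def receiver_inputs(hdr: PublicHeader, psk=None, sender_pub=None) -> dict:
    """Merge the header with secrets the receiver holds locally."""
    if bool(hdr.psk_id) != (psk is not None):   # RFC 9180 VerifyPSKInputs
        raise ValueError("psk and psk_id must be supplied together")
    if hdr.auth != (sender_pub is not None):
        raise ValueError("auth mode needs the sender's public key, and only then")
    return {"ids": (hdr.kem_id, hdr.kdf_id, hdr.aead_id), "mode": hdr.mode(),
            "enc": hdr.enc, "psk_id": hdr.psk_id, "psk": psk, "sender_pub": sender_pub}

# Constructed sample: DHKEM(X25519)/HKDF-SHA256/AES-128-GCM ids from RFC 9180.
SAMPLE = PublicHeader(0x0020, 0x0001, 0x0001, bytes(range(32)), b"constructed-psk-id")
```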