RFR: 8298420: PEM API: Implementation (Preview) [v14]
Weijun Wang
weijun at openjdk.org
Mon Apr 28 16:50:59 UTC 2025
On Mon, 28 Apr 2025 03:44:43 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 416:
>>
>>> 414: * {@link PrivateKey} using the {@code encKey} and given parameters.
>>> 415: *
>>> 416: * If {@code algorithm} is {@code null} the default algorithm will be used.
>>
>> In the other `encryptKey` method using password, `algorithm` must be provided. Why the inconsistency?
>>
>> In fact, since you have `encKey`, doesn't it already have an algorithm name?
>
> It maybe good for both `encryptKey` methods do not allow null algorithms when APS is non-null. I think `PBEParameterSpec` is currently the only APS used, but if in the future a new APS is used, a default algorithm with a specified APS could lead to applications breaking.
>
> There is no guarantee the key's algorithm will be properly formatted to use as an algorithm name. I wouldn't trust it.
I see. I noticed in your `EncryptKey` test that the algorithm can be simply "PBE".
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r2064083969
More information about the security-dev
mailing list