RFR: 8347938: Switch to latest ML-KEM private key encoding [v6]

Ben Perez bperez at openjdk.org
Fri Aug 15 15:50:13 UTC 2025


On Tue, 5 Aug 2025 14:31:24 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> The private key encoding formats of ML-KEM and ML-DSA are updated to match the latest IETF drafts at: https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-11 and https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-certificates-10. New security/system properties are introduced to determine which CHOICE a private key is encoded when a new key pair is generated or when `KeyFactory::translateKey` is called.
>> 
>> By default, the choice is "seed".
>> 
>> Both the encoding and the expanded format are stored inside a `NamedPKCS8Key` now. When loading from a PKCS #8 key, the expanded format is calculated from the input if it's seed only.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Ben comment

Marked as reviewed by bperez (Committer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/24969#pullrequestreview-3124333022


More information about the security-dev mailing list