RFR: 8325448: Hybrid Public Key Encryption [v34]
Sean Mullan
mullan at openjdk.org
Wed Aug 27 12:27:53 UTC 2025
On Tue, 26 Aug 2025 16:01:34 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> address Sean's comments
src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 125:
> 123: * <p>
> 124: * HPKE internally uses an AEAD cipher for message encryption and decryption.
> 125: * As with any AEAD cipher, each {@code doFinal} call on the receiver side must
Should say something like IV must be set each time, so the next sentence makes more sense where you talk about IVs.
src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 128:
> 126: * correspond to exactly one complete ciphertext, and the number and order of
> 127: * calls must match on both sides. Unlike the direct use of an AEAD cipher,
> 128: * however, an HPKE cipher manages nonce generation internally, and there is no
Suggest you avoid "nonce" and just use "IV" to avoid too many security terms.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2303767913
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2303766369