RFR: 8325448: Hybrid Public Key Encryption [v34]

Sean Mullan mullan at openjdk.org
Wed Aug 27 12:27:53 UTC 2025


On Tue, 26 Aug 2025 16:01:34 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   address Sean's comments

src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 125:

> 123:  * <p>
> 124:  * HPKE internally uses an AEAD cipher for message encryption and decryption.
> 125:  * As with any AEAD cipher, each {@code doFinal} call on the receiver side must

Should say something like IV must be set each time, so the next sentence makes more sense where you talk about IVs.

src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 128:

> 126:  * correspond to exactly one complete ciphertext, and the number and order of
> 127:  * calls must match on both sides. Unlike the direct use of an AEAD cipher,
> 128:  * however, an HPKE cipher manages nonce generation internally, and there is no

Suggest you avoid "nonce" and just use "IV" to avoid too many security terms.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2303767913
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2303766369

