RFR: 8328119: Support HKDF in SunPKCS11 (Preview) [v11]
Martin Balao
mbalao at openjdk.org
Fri Jan 17 19:49:41 UTC 2025
On Fri, 17 Jan 2025 19:37:07 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java line 198:
>>
>>> 196: CK_ATTRIBUTE.SIGN_TRUE};
>>> 197:
>>> 198: P12MacPBEKeyInfo(String algo, long kdfMech, HMACKeyInfo hmacKi) {
>>
>> Maybe I'm missing something. Why this change? At least on the software side, we're leaving PBE algs untouched.
>
> Just making use of newer classes, I suppose.
Now that we have key mapping info for HMAC keys, we take advantage of it in other places. Related to the change that you mentioned there is also the change in `P11Mac`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22215#discussion_r1920669809
More information about the security-dev
mailing list