RFR: 8325448: Hybrid Public Key Encryption [v20]

Weijun Wang weijun at openjdk.org
Fri Jun 27 16:56:00 UTC 2025 

On Thu, 26 Jun 2025 22:40:04 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/.
>> 
>> ![HPKEParameterSpec06-27](https://github.com/user-attachments/assets/d0425a10-a312-4a95-8cee-2fbec5d83ddd)
>
> Weijun Wang has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - no more of()
>  - extract and expand

Hi Sebastian, the API you suggested is only the KEM step, and it should be made internal inside HPKE.

At the end of the day, HPKE is still a cipher. I understand the key encapsulation message (aka, KEM ciphertext) is different from a traditional IV, but they share some key characteristics:  1) generated by the sender after initialization, 2) cryptographically random, 3) then made public, 4) has critical impact on encryption result.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/18411#issuecomment-3013507967

More information about the security-dev mailing list