RFR: 8325448: Hybrid Public Key Encryption [v8]
Weijun Wang
weijun at openjdk.org
Tue Mar 4 01:04:56 UTC 2025
On Mon, 3 Mar 2025 15:57:49 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/.
>>
>> 
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> add mode_auth and mode_auth_psk, tiny spec change
Initially, I was unsure whether to support `mode_auth` and `mode_auth_psk` since our `KEM` API does not support authenticated encapsulation. However, after looking at HPKE implementations from other vendors -- such as OpenSSL, Go, and Rust -- I found that most of them support it. In the latest commit, I’ve added support by directly invoking newly added methods in the `DHKEM` private class.
Note that DHKEM is a higher-level cryptographic algorithm built on lower-level primitives like DH key agreement and HKDF. As a result, even though it is implemented only in the SunJCE provider, it can handle keys or IKM values from other providers by leveraging DH and HKDF from those providers.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/18411#issuecomment-2695918278