RFR: 8298420: PEM API: Implementation (Preview) [v15]
Weijun Wang
weijun at openjdk.org
Mon May 5 15:14:08 UTC 2025
On Fri, 2 May 2025 06:09:52 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> Hi all,
>>
>> I need a code review of the PEM API. Privacy-Enhanced Mail (PEM) is a format for encoding and decoding cryptographic keys and certificates. It will be integrated into JDK24 as a Preview Feature. Preview features does not permanently define the API and it is subject to change in future releases until it is finalized.
>>
>> Details about this change can be seen at [PEM API JEP](https://bugs.openjdk.org/browse/JDK-8300911).
>>
>> Thanks
>>
>> Tony
>
> Anthony Scarpino has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 66 commits:
>
> - major code review comments update
> - Merge branch 'master' into pem
> - Merge branch 'master' into pem
> - javadoc updates
> - code review comments
> - merge with master
> - better comment and remove commented out code
> - Merge branch 'master' into pem
> - Merge branch 'pem-merge' into pem
> - merge
> - ... and 56 more: https://git.openjdk.org/jdk/compare/e2ae50d8...0c540327
src/java.base/share/classes/java/security/PEMEncoder.java line 141:
> 139: */
> 140: public String encodeToString(DEREncodable de) {
> 141: Objects.requireNonNull(de);
Do you need to check if `getFormat` of the key is "PKCS#8" or "X.509" before passing the encoding to `buildKey`? For example, we actually allows RSA key having "PKCS#1" format ML-KEM/ML-DSA allows keys in "RAW" format.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r2073636749
More information about the security-dev
mailing list