RFR: 8347938: Switch to latest ML-KEM private key encoding [v2]
Andrey Turbanov
aturbanov at openjdk.org
Thu May 29 12:30:54 UTC 2025
On Thu, 1 May 2025 13:01:38 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> The private key encoding formats of ML-KEM and ML-DSA are updated to match the latest IETF drafts at: https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-08 and https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-certificates-10. New security/system properties are introduced to determine which CHOICE a private key is encoded.
>>
>> Both the encoding and the expanded format are stored inside a `NamedPKCS8Key` now. When loading from a PKCS #8 key, the expanded format is either calculated or copied from the input.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> safer privKeyToPubKey; updated desciptions for the properties; adding braces to if blocks
src/java.base/share/classes/sun/security/provider/NamedKeyFactory.java line 80:
> 78: }
> 79:
> 80: private String checkName(String pname) throws InvalidKeyException {
Suggestion:
private String checkName(String pname) throws InvalidKeyException {
src/java.base/share/classes/sun/security/provider/NamedKeyPairGenerator.java line 158:
> 156: }
> 157:
> 158: private String checkName(String pname) throws InvalidAlgorithmParameterException {
Suggestion:
private String checkName(String pname) throws InvalidAlgorithmParameterException {
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24969#discussion_r2113843615
PR Review Comment: https://git.openjdk.org/jdk/pull/24969#discussion_r2113843341
More information about the security-dev
mailing list