RFR: 8360564: Implement JEP 524: PEM Encodings of Cryptographic Objects (Second Preview) [v4]
Sean Mullan
mullan at openjdk.org
Fri Oct 3 17:36:54 UTC 2025
On Thu, 25 Sep 2025 23:03:11 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> Hi
>>
>> Please review the [Second Preview](https://openjdk.org/jeps/8360563) for the PEM API. The most significant changes from [JEP 470](https://openjdk.org/jeps/470) are:
>>
>> - Renamed the name of `PEMRecord` class to `PEM`.
>> - Revised the new `encryptKey` methods of the `EncryptedPrivateKeyInfo` class to accept `DEREncodable` objects rather than just `PrivateKey` objects so that cryptographic objects with public keys, i.e., `KeyPair` and `PKCS8EncodedKeySpec`, can also be encrypted.
>> - Enhanced the `PEMEncoder` and `PEMDecoder` classes to support the encryption and decryption of `KeyPair` and `PKCS8EncodedKeySpec` objects.
>>
>> thanks
>>
>> Tony
>
> Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision:
>
> missed some decoder comments

src/java.base/share/classes/java/security/PEMEncoder.java line 1:
> 1: /*
Suggest using "PEM-encoded" instead of "PEM encoded" to be consistent with JEP wording.

src/java.base/share/classes/java/security/PEMEncoder.java line 1:
> 1: /*
line 48, s/CRL/CRLs/

src/java.base/share/classes/java/security/PEMEncoder.java line 71:
> 69: * OneAsymmetricKey structure using the "PRIVATE KEY" type.
> 70: *
> 71: * <p> When encoding a {@link PEM}, the API surrounds the
suggest saying "When encoding a PEM object, ..."

src/java.base/share/classes/java/security/PEMEncoder.java line 72:
> 70: *
> 71: * <p> When encoding a {@link PEM}, the API surrounds the
> 72: * {@link PEM#content()} with the PEM header and footer
s/the/a/

src/java.base/share/classes/java/security/PEMEncoder.java line 73:
> 71: * <p> When encoding a {@link PEM}, the API surrounds the
> 72: * {@link PEM#content()} with the PEM header and footer
> 73: * from {@link PEM#type()}. {@link PEM#leadingData()} is
s/from/of/

src/java.base/share/classes/java/security/PEMEncoder.java line 74:
> 72: * {@link PEM#content()} with the PEM header and footer
> 73: * from {@link PEM#type()}. {@link PEM#leadingData()} is
> 74: * not included in the encoding. {@code PEM} will not perform
I don't think you need this final sentence, leave that to the `PEM` javadocs.

src/java.base/share/classes/java/security/PEMEncoder.java line 267:
> 265: * by the {@code jdk.epkcs8.defaultAlgorithm} security property and
> 266: * uses the default encryption parameters of the provider that is selected.
> 267: * For greater flexibility with encryption options and parameters, use
Suggest using the JEP words here instead: "To use non-default encryption parameters, or to encrypt with a different encryption [provider](https://docs.oracle.com/en/java/javase/24/docs/api/java.base/java/security/Provider.html), use ..."

-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2402627574
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2402745066
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2402751207
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2402754710
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2402755066
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2402759080
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2402653825