RFR: 8360564: Implement JEP 524: PEM Encodings of Cryptographic Objects (Second Preview) [v7]

Sean Mullan mullan at openjdk.org
Wed Oct 22 19:41:56 UTC 2025


On Mon, 20 Oct 2025 22:19:41 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> Hi
>> 
>> Please review the [Second Preview](https://openjdk.org/jeps/8360563) for the PEM API.  The most significant changes from [JEP 470](https://openjdk.org/jeps/470) are:
>> 
>> - Renamed the `PEMRecord` class to `PEM`.
>> - Revised the new `encryptKey` methods of the `EncryptedPrivateKeyInfo` class to accept `DEREncodable` objects rather than just `PrivateKey` objects so that cryptographic objects with public keys, i.e., `KeyPair` and `PKCS8EncodedKeySpec`, can also be encrypted.
>> - Enhanced the `PEMEncoder` and `PEMDecoder` classes to support the encryption and decryption of `KeyPair` and `PKCS8EncodedKeySpec` objects.
>> 
>> thanks
>> 
>> Tony
>
> Anthony Scarpino has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - fix non-pbe
>  - doc updates, zeroing, fix unencrypted keypair encoding, exception mods

src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 1:

> 1: /*

Some inconsistency in parameter definitions that are the same across different methods. Please check and use consistent wording.

src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 368:

> 366:      * @throws RuntimeException if encryption of the encoding fails
> 367:      *
> 368:      * @implNote The {@code jdk.epkcs8.defaultAlgorithm} security property

You can remove this impl note since the algorithm param is required now.

src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 535:

> 533:      * decryption key and provider.
> 534:      *
> 535:      * @param decryptKey the decryption key. Must not be {@code null}

Missing period.

src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 538:

> 536:      * @param provider the {@code Provider} used for {@link Cipher} decryption
> 537:      *                and {@link PrivateKey} generation. If {@code null}, the
> 538:      *                default provider configuration is used

Missing period.

src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 604:

> 602:      * @param decryptKey the decryption key; must not be {@code null}
> 603:      * @param provider the {@code Provider} used for {@link Cipher} decryption
> 604:      *                 and key generation. If {@code null} the default provider

Comma after "if null".

src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 605:

> 603:      * @param provider the {@code Provider} used for {@link Cipher} decryption
> 604:      *                 and key generation. If {@code null} the default provider
> 605:      *                 configuration is used

Missing period.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2453163439
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2453121482
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2453162122
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2453157490
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2453160035
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2453158818

