RFR: 8360564: Implement JEP 524: PEM Encodings of Cryptographic Objects (Second Preview)
Weijun Wang
weijun at openjdk.org
Fri Sep 12 20:10:24 UTC 2025
On Fri, 12 Sep 2025 18:29:55 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Hi
>>
>> Please review the [Second Preview](https://openjdk.org/jeps/8360563) for the PEM API. The most significant changes from [JEP 470](https://openjdk.org/jeps/470) are:
>>
>> - Renamed the name of `PEMRecord` class to `PEM`.
>> - Revised the new `encryptKey` methods of the `EncryptedPrivateKeyInfo` class to accept `DEREncodable` objects rather than just `PrivateKey` objects so that cryptographic objects with public keys, i.e., `KeyPair` and `PKCS8EncodedKeySpec`, can also be encrypted.
>> - Enhanced the `PEMEncoder` and `PEMDecoder` classes to support the encryption and decryption of `KeyPair` and `PKCS8EncodedKeySpec` objects.
>>
>> thanks
>>
>> Tony
>
> src/java.base/share/classes/sun/security/ec/ECPrivateKeyImpl.java line 255:
>
>> 253: if (seq.data.available() != 0) {
>> 254: DerValue derValue = seq.data.getDerValue();
>> 255: if (derValue.isContextSpecific((byte) 1)) {
>
> If any of these `if`s is false `null` is returned. Would you rather throw an IAE?
I see there could be a
parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL,
Shall we skip it?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2345120268
More information about the security-dev
mailing list