RFR: 8325448: Hybrid Public Key Encryption [v43]
Weijun Wang
weijun at openjdk.org
Mon Sep 15 23:20:35 UTC 2025
On Mon, 15 Sep 2025 22:42:31 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> I just meant if it's not "RAW" (maybe `null`?) then I have no way to check its length. A 16 byte AES will be rejected if it has an encoding which is almost always of "RAW" format.
>>
>> Or, did you confuse `getAlgorithm` and `getFormat`?
>
> I know it's `getFormat`. Since there is a length check for "RAW", I was wondering why "PKCS#8", didn't use `psk.getEncoded().length` to checked. If you are handling the "RAW" case in this method and later on a short key is checked, that is fine.
I'm expecting a `SecretKey` here. If it's "PKCS#8", I probably will have to error out somewhere. But then inside `HPKE` the implementation, it should work with both software and hardware keys so I should not look at `getFormat` anymore. Anyway, I'm just trying to do as much as I can.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2350306860
More information about the security-dev
mailing list