RFR: 8347938: Add Support for the Latest ML-KEM and ML-DSA Private Key Encodings [v13]
Sean Mullan
mullan at openjdk.org
Mon Feb 2 15:57:30 UTC 2026
On Fri, 30 Jan 2026 15:55:17 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> The private key encoding formats of ML-KEM and ML-DSA are updated to match the latest [draft-ietf-lamps-kyber-certificates-11](https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-certificates-11) and [RFC 9881](https://datatracker.ietf.org/doc/rfc9881/). New security/system properties are introduced to determine which CHOICE a private key is encoded when a new key pair is generated or when `KeyFactory::translateKey` is called.
>>
>> By default, the choice is "seed".
>>
>> Both the encoding and the expanded format are stored inside a `NamedPKCS8Key` now. When loading from a PKCS8 key, the expanded format is calculated from the input if it's seed only.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> address Sean's comments; more test cases
Marked as reviewed by mullan (Reviewer).
-------------
PR Review: https://git.openjdk.org/jdk/pull/24969#pullrequestreview-3740356268
More information about the security-dev
mailing list