RFR: 8347938: Add Support for the Latest ML-KEM and ML-DSA Private Key Encodings [v12]
Weijun Wang
weijun at openjdk.org
Thu Jan 29 21:14:05 UTC 2026
On Thu, 29 Jan 2026 20:45:12 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/pkcs/NamedPKCS8Key.java line 68:
>>
>>> 66: ///
>>> 67: /// A `NamedPKCS8Key`, when created, must include `expanded` if required, its
>>> 68: /// `privKeyMaterial` must have already been validated for internal consistency.
>>
>> I don't understand this sentence - maybe should be two sentences?
>
> I can break it into 2 sentences. Basically, it means after this key has been created, the `expanded` and `privKeyMaterial` fields have already been checked for consistency so users don't need to check anymore.
How about this?
/// If the `expanded` field is required by the algorithm, it is either
/// [calculated from the PKCS #8 encoding][#NamedPKCS8Key(String, byte[], Expander)],
/// or [provided directly][#NamedPKCS8Key(String, String, byte[], byte[])].
/// In the latter case, the caller must ensure the consistency of the `encoded`
/// and `expanded` arguments. For example, seed and expanded key should match.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24969#discussion_r2743564211
More information about the security-dev
mailing list