RFR: 8347938: Add Support for the Latest ML-KEM and ML-DSA Private Key Encodings [v12]
Sean Mullan
mullan at openjdk.org
Fri Jan 30 20:57:01 UTC 2026
On Thu, 29 Jan 2026 21:11:08 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> I can break it into 2 sentences. Basically, it means after this key has been created, the `expanded` and `privKeyMaterial` fields have already been checked for consistency so users don't need to check anymore.
>
> How about this?
>
> /// If the `expanded` field is required by the algorithm, it is either
> /// [calculated from the PKCS #8 encoding][#NamedPKCS8Key(String, byte[], Expander)],
> /// or [provided directly][#internalCreate(String, String, byte[], byte[])].
> /// In the latter case, the caller must ensure the consistency of the `encoded`
> /// and `expanded` arguments. For example, seed and expanded key should match.
Ok.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24969#discussion_r2747952449
More information about the security-dev
mailing list