<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 6/25/2017 2:21 AM, Anders Rundgren
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:e9b45c8d-c9d6-b10b-e44b-b08cd97f4099@gmail.com">During
the work with <a class="moz-txt-link-freetext" href="https://github.com/cyberphone/java-cfrg-spec">https://github.com/cyberphone/java-cfrg-spec</a> I had
to look at the PKCS #8 spec as well.
<br>
It turns out that JDK 8 does not comply with RFC 5915's SHOULD
since EC private keys created by KeyPairGenerator do not contain
public key info when getEncoded().
<br>
I didn't check PKCS #8 de-serialization and serialization but I
guess it doesn't work for that either.
<br>
<br>
This is by no means serious, but differs from BouncyCastle as well
as OpenSSL.
<br>
<br>
Anders
<br>
</blockquote>
<p>Umm... SHOULD is not a MUST - JDK8 does comply with the RFC, it
just doesn't provide the "convenient" field:</p>
<p>
<blockquote type="cite">
<pre class="newpage"> The publicKey
field can be omitted when the public key has been distributed via
another mechanism, which is beyond the scope of this document.
Given the private key and the parameters, the public key can
always be recomputed; this field exists as a convenience to the
consumer.
</pre>
</blockquote>
<br>
</p>
<p>I always thought that RFC5915 should have specified "MAY" there
instead. The main reason is that it's trivial to reconstitute the
public key from the private key so there is mostly no need to keep
the two together and the actual text suggested as much.</p>
<p>Ideally, there should be a way to control what gets included in
the encoding - but the "getEncoded()" method doesn't permit an
argument for format.</p>
<p>Later, Mike</p>
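<p>Added example, not part of the original thread and not code from the JDK or from either poster: one way to check whether an EC private key's <code>getEncoded()</code> output carries the optional RFC 5915 <code>publicKey</code> field, by walking the PKCS #8 DER structure. The class name, the helper names and the choice of secp256r1 are assumptions made for illustration.</p>

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.ECGenParameterSpec;
public class EcPkcs8PublicKeyCheck {
    /** Minimal DER cursor over buf[pos, end). */
    static final class Der {
        final byte[] buf; final int end;
        int pos, tag, start, len;   // tag/start/len describe the element last read
        Der(byte[] buf, int pos, int end) { this.buf = buf; this.pos = pos; this.end = end; }
        boolean next() {
            if (end - pos < 2) return false;
            tag = buf[pos++] & 0xff;
            int l = buf[pos++] & 0xff;
            if (l >= 0x80) {                        // long-form length
                int n = l & 0x7f;
                if (n == 0 || n > 3 || n > end - pos) throw new IllegalArgumentException("bad length");
                l = 0;
                for (int i = 0; i < n; i++) l = (l << 8) | (buf[pos++] & 0xff);
            }
            if (l > end - pos) throw new IllegalArgumentException("truncated DER");
            start = pos; len = l; pos += l;
            return true;
        }
        /** Read the next element, require the given tag, return a cursor over its content. */
        Der open(int expected) {
            if (!next() || tag != expected) throw new IllegalArgumentException("unexpected DER structure");
            return new Der(buf, start, start + len);
        }
    }

    /** True if the ECPrivateKey inside a PKCS #8 blob carries the optional [1] publicKey. */
    static boolean hasPublicKey(byte[] pkcs8) {
        Der info = new Der(pkcs8, 0, pkcs8.length).open(0x30); // PrivateKeyInfo SEQUENCE
        info.open(0x02);                                       // PKCS #8 version
        info.open(0x30);                                       // AlgorithmIdentifier
        Der ec = info.open(0x04).open(0x30);                   // OCTET STRING wrapping ECPrivateKey
        ec.open(0x02);                                         // ECPrivateKey version (1)
        ec.open(0x04);                                         // private scalar
        while (ec.next()) if (ec.tag == 0xA1) return true;     // [1] publicKey BIT STRING
        return false;                                          // only [0] parameters, or nothing
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = kpg.generateKeyPair();
        System.out.println("publicKey field present: " + hasPublicKey(kp.getPrivate().getEncoded()));
    }
}
```

<p>With the JDK 8 behaviour described in this thread the check reports the field as absent; the same method can be run on a PKCS #8 blob exported from another library to compare encodings.</p>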
</body>
</html>