On 11/8/2017 6:50 PM, Michael StJohns wrote:
On 11/3/2017 4:59 PM, Jamil Nimeh wrote:
Add a .deriveData() with a return class of byte[]. This gets a
portion of the derived data stream in the clear. E.g. an IV.
Add a .deriveObject() with a return class of Object. The returned
object may not be an instance of java.security.Key. This takes the
derived data stream and converts it into the object type specified
by the derivation parameter. In a hardware security module, this
might be a reference to a secured set of data or even an
confidential IV.
Again, just want to make sure I understand fully: So in a case where
I want a given output to be an Object, I would provide a
DerivationParameterSpec with an alg of..."Object" (?), a byte
length, and Object-specific parameters provided through the "params"
argument to the DPS?
Working this through, but it should be a Class being specified with a
constructor of a byte array plus a length.
What is the motivation behind this constructor that takes a byte array?
It seems like this constructor wouldn't actually help in a hardware
implementation. Would it be better to leave the construction of this
object to the implementation?
