On 9/8/20 11:42 AM, Anders Rundgren wrote:
On 2020-09-08 19:29, Anthony Scarpino wrote:
On 8/30/20 9:51 AM, Anders Rundgren wrote:
Hi,
This applies to JDK 11.

https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/security/interfaces/XECKey.html

what is the value of "AlgorithmParameterSpec"?

In JDK 15 the new EdECKey has gotten a more logical solution:
https://download.java.net/java/early_access/jdk15/docs/api/java.base/java/security/interfaces/EdECKey.html

thanx,
Anders




The return type for XECKey.getParams() was trying to be more generic, probably too generic.

I guessed that.  Don't you have the same problem with EdECKey?

Different opinions, as the APIs were developed several years apart.



NamedParameterSpec implements AlgorithmParameterSpec.

Right, this is clear by looking at the API.


The implementation for XECKey returns a NamedParameterSpec.

Here it gets a bit slippery (at least compared to the solution for EdECKey) because this is 1) Undocumented 2) Oracle-provider-specific, both of which pretty much nullify the value of the public interface.

The intention at the time was that if in the future XEC required a different AlgorithmParameterSpec, it would not have to inherit NamedParameterSpec. With EdDSA, we decided that was unnecessary.

The implementation returning NamedParameterSpec does not nullify the public interface. I was stating XECKey's return type in the context of the differences between EdECKey and XECKey and that it is consistent in the end. When using XECKey.getParams(), checking the instanceof may be a good idea. I would say the API allows for more flexibility for non-Oracle providers by returning AlgorithmParameterSpec. As far as being undocumented, that may be true in other documentation, but the API should not be specifying what SunEC is returning.


I may (surely) be wrong but changing the API to return NamedParameterSpec should not break any existing code based on the Oracle provider.

Once the API is published, we cannot change it.

Tony


Thanx,
Anders


Tony
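
The instanceof check suggested above for XECKey.getParams(), as an added example that is not part of the original thread or of the JDK. The class name XecParamsCheck, the ALLOWED set and the stand-in key are assumptions made for illustration; it compiles on JDK 11.

```java
import java.security.KeyPairGenerator;
import java.security.interfaces.XECKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.NamedParameterSpec;
import java.util.Locale;
import java.util.Set;

public class XecParamsCheck {
    // Assumption: the curves this application accepts for key agreement.
    private static final Set<String> ALLOWED = Set.of("X25519", "X448");

    // Returns the curve name, or throws when the provider hands back something
    // other than a NamedParameterSpec or a curve outside the allow-list.
    static String curveOf(XECKey key) {
        AlgorithmParameterSpec params = key.getParams();
        if (!(params instanceof NamedParameterSpec)) {
            throw new IllegalArgumentException("unexpected XEC parameter type: "
                    + (params == null ? "null" : params.getClass().getName()));
        }
        String name = ((NamedParameterSpec) params).getName().toUpperCase(Locale.ROOT);
        if (!ALLOWED.contains(name)) {
            throw new IllegalArgumentException("curve not allowed: " + name);
        }
        return name;
    }

    public static void main(String[] args) throws Exception {
        for (String alg : new String[] {"X25519", "X448"}) {
            XECKey pub = (XECKey) KeyPairGenerator.getInstance(alg)
                    .generateKeyPair().getPublic();
            System.out.println(alg + " key reports curve " + curveOf(pub));
        }
        // Constructed stand-in for a provider that returns some other spec type.
        XECKey foreign = () -> new AlgorithmParameterSpec() { };
        try {
            curveOf(foreign);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```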


