Hiya,
On 13/04/2023 23:35, Weijun Wang wrote:
Apologies for the interruption from the sidelines but I have a query if that's ok. Is there any relationship between this work and RFC1980 which defines HPKE, being a way of encrypting to a public value using a KEM?We know about HPKE,
Of course:-)
and it can makes use of the DHKEM implementation here (if the AuthEncap/AuthDecap functions are not used).
FWIW, I'm not aware of any protocol yet attempting to make use of the authenticated HPKE modes, so that seems very reasonable. (OTOH, it's not that hard for a library to support all modes, so it may be worth some consideration.)
However, we (Oracle's Java SE Security Team) don't have a plan to include HPKE inside OpenJDK yet.
Entirely fair. If doing so is of interest (to you or others), I'd be happy to try help. (Ping me on/off-list if that is of interest.)
This PR is mainly about adding the KEM SPI so 3rd security providers can implement other KEM algorithms. DHKEM is included mainly to prove that the API is usable.
Grand. I'll get out of the way of this thread so:-) But again, if interested, do reach out, as I'm keen to see ECH support ending up widespread and HPKE is a fine precursor for that. Cheers, S.
OpenPGP_0xE4D8E9F997A833DD.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
