On Thu, 15 Aug 2024 21:04:56 GMT, Kevin Driver <kdri...@openjdk.org> wrote:

>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java 
>> line 124:
>> 
>>> 122:         List<SecretKey> salts;
>>> 123:         SecretKey inputKeyMaterial;
>>> 124:         SecretKey salt;
>> 
>> Looking at the implementation, it seems you can just use byte[] for 
>> `inputKeyMaterial` and `salt`. Why bother packaging the bytes into a 
>> `SecretKey` object and later calling `getEncoded()` to retrieve it again?
>
> We use SecretKey, because sometimes the raw bytes may not be available to us, 
> for example if it's a hardware key.

Well, you can't handle this case and throw InvalidKeyException when there are 
such keys. When concatenating key objects, you accessed the raw bytes one by 
one and then used the resulting bytes to create a SecretKey object, which is 
unnecessary... 
I've tried making the "SecretKey" to "byte[]" change for `inputKeyMaterial` and 
`salt` in my local workspace and it simplifies the code.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1720141343
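
The trade-off discussed in this thread, as an added example that is not the PR's code: an HKDF-Extract step (RFC 5869) that accepts `SecretKey` inputs but still needs raw bytes for the input key material, so a key whose `getEncoded()` returns null ends in `InvalidKeyException`. The class name, the `rawBytes` helper and the opaque key are hypothetical and constructed for illustration; the sample inputs are RFC 5869 test case 1.

```java
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.util.Arrays;
import java.util.HexFormat;

public class HkdfExtractSketch {
    // Hypothetical helper: raw key bytes, or InvalidKeyException when the
    // key does not expose them (e.g. a key held in hardware).
    static byte[] rawBytes(SecretKey key) throws InvalidKeyException {
        byte[] encoded = key.getEncoded();
        if (encoded == null || !"RAW".equalsIgnoreCase(key.getFormat())) {
            throw new InvalidKeyException("key material is not extractable");
        }
        return encoded;
    }

    // HKDF-Extract: PRK = HMAC-Hash(salt, IKM). The salt is the HMAC key,
    // the IKM is the message, so the IKM bytes must be readable.
    static byte[] extract(SecretKey salt, SecretKey ikm) throws Exception {
        byte[] ikmBytes = rawBytes(ikm);
        try {
            Mac hmac = Mac.getInstance("HmacSHA256");
            hmac.init(salt);
            return hmac.doFinal(ikmBytes);
        } finally {
            Arrays.fill(ikmBytes, (byte) 0); // wipe the temporary copy
        }
    }

    public static void main(String[] args) throws Exception {
        HexFormat hex = HexFormat.of();
        // RFC 5869 test case 1 inputs
        SecretKey salt = new SecretKeySpec(hex.parseHex("000102030405060708090a0b0c"), "HmacSHA256");
        SecretKey ikm = new SecretKeySpec(hex.parseHex("0b".repeat(22)), "Generic");
        System.out.println("PRK = " + hex.formatHex(extract(salt, ikm)));

        // Constructed stand-in for a non-extractable key: no encoding available.
        SecretKey opaque = new SecretKey() {
            public String getAlgorithm() { return "Generic"; }
            public String getFormat() { return null; }
            public byte[] getEncoded() { return null; }
        };
        try {
            extract(salt, opaque);
        } catch (InvalidKeyException e) {
            System.out.println("opaque IKM rejected: " + e.getMessage());
        }
    }
}
```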
