On Mon, 21 Oct 2024 19:52:36 GMT, Anthony Scarpino <ascarp...@openjdk.org> wrote:
>> Hi all, >> >> I need a code review of the PEM API. Privacy-Enhanced Mail (PEM) is a >> format for encoding and decoding cryptographic keys and certificates. It >> will be integrated into JDK24 as a Preview Feature. Preview features does >> not permanently define the API and it is subject to change in future >> releases until it is finalized. >> >> Details about this change can be seen at [PEM API >> JEP](https://bugs.openjdk.org/browse/JDK-8300911). >> >> Thanks >> >> Tony > > Anthony Scarpino has updated the pull request incrementally with one > additional commit since the last revision: > > apparently <p> can't be before a @implNote.. Who know. src/java.base/share/classes/sun/security/pkcs/PKCS8Key.java line 143: > 141: > 142: // OPTIONAL Context tag 0 for Attributes for PKCS8 v1 & v2 > 143: // Uses 0xA0 constructed define-length or 0x80 constructed Minor nit: 0xA0 = context-specific/constructed, 0x80 = context-specific/primitive. Definite length vs. indefinite length is not defined by the tag itself. src/java.base/share/classes/sun/security/pkcs/PKCS8Key.java line 312: > 310: } > 311: > 312: if (pubKeyEncoded != null) { Looking back at an earlier conversation between you and Weijun, I think I read that pubKeyEncoded will be set/overwritten if the private key encoding holds a public key. So when consuming a PKCS#8 EC key, where the private key is itself a SEC1-v2 formatted key encoding with a pubkey, wouldn't the version be set to 0 (v1), but the pubKeyEncoded is also non-null? I ask only because upon running this method, wouldn't you end up making the output a v2 OneAsymmetricKey, still with the SEC1-v2 private key (with pub key) and also have it in the public key section? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r1824626791 PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r1824667941
