On Mon, 28 Apr 2025 03:44:43 GMT, Anthony Scarpino <ascarp...@openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 416:
>>
>>> 414: * {@link PrivateKey} using the {@code encKey} and given parameters.
>>> 415: *
>>> 416: * If {@code algorithm} is {@code null} the default algorithm will be used.
>>
>> In the other `encryptKey` method using password, `algorithm` must be
>> provided. Why the inconsistency?
>>
>> In fact, since you have `encKey`, doesn't it already have an algorithm name?
>
> It may be good for both `encryptKey` methods to not allow null algorithms when
> APS is non-null. I think `PBEParameterSpec` is currently the only APS used,
> but if in the future a new APS is used, a default algorithm with a specified
> APS could lead to applications breaking.
>
> There is no guarantee the key's algorithm will be properly formatted to use
> as an algorithm name. I wouldn't trust it.

I see. I noticed in your `EncryptKey` test that the algorithm can be simply "PBE".

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r2064083969