On Wed, 4 Jun 2025 14:59:43 GMT, Weijun Wang <wei...@openjdk.org> wrote:

> Add more comment on why `KeyUtil::getKeySize` could return -1. Add a new 
> method `getNistCategory` to get the NIST security category.

src/java.base/share/classes/sun/security/util/KeyUtil.java line 62:

> 60:      * each standardized parameter set. For example, ML-KEM-768 is assigned to
> 61:      * category 3, and ML-DSA-87 to category 5.
> 62:      *

Should we consider returning whatever number is at the end of PQC algorithms as 
a key size? That would make things consistent and it would allow us to use 
existing `keySize` algorithm constraints for PQC algorithms. Key sizes for RSA 
and EC algorithms already differ significantly for the same security level: 
3072-bit RSA corresponds to 256-bit EC. So we can return `768` for ML-KEM-768 
or `87` for ML-DSA-87.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/25642#discussion_r2126968358
