On Thu, 5 Jun 2025 01:26:04 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> Add more comments on why `KeyUtil::getKeySize` could return -1. Add a new 
>> method `getNistCategory` to get the NIST security category.
>
> Weijun Wang has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   enhance test to be exhaustive

I think that the JFR event should not print -1 for the key size for ML-KEM 
keys, and should be able to identify a key type that doesn't have a key size 
and emit something else. Otherwise I think the issue reported in this bug is 
still an issue because users won't understand what -1 means.

I actually think logging the ML-KEM variant (ex: ML-KEM-768) would be most 
useful. Nobody other than crypto experts is going to understand the NIST 
security levels; it's not much more user-friendly than -1 in my opinion.

Perhaps the JSR code could see if the key implements `NamedX509Key` and then 
print out the `NamedParameterSpec` constant.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/25642#issuecomment-2944214724
