On Thu, 23 Oct 2025 04:14:26 GMT, Anthony Scarpino <[email protected]> wrote:
>> Hi >> >> Please review the [Second Preview](https://openjdk.org/jeps/8360563) for the >> PEM API. The most significant changes from [JEP >> 470](https://openjdk.org/jeps/470) are: >> >> - Renamed the name of `PEMRecord` class to `PEM`. >> - Revised the new `encryptKey` methods of the `EncryptedPrivateKeyInfo` >> class to accept `DEREncodable` objects rather than just `PrivateKey` objects >> so that cryptographic objects with public keys, i.e., `KeyPair` and >> `PKCS8EncodedKeySpec`, can also be encrypted. >> - Enhanced the `PEMEncoder` and `PEMDecoder` classes to support the >> encryption and decryption of `KeyPair` and `PKCS8EncodedKeySpec` objects. >> >> thanks >> >> Tony > > Anthony Scarpino has updated the pull request incrementally with one > additional commit since the last revision: > > more doc updates and zeroing Very minor comments. src/java.base/share/classes/java/security/PEMDecoder.java line 117: > 115: * If an encrypted private key PEM is processed by a decoder not > configured > 116: * for decryption, an {@link EncryptedPrivateKeyInfo} object is returned. > 117: * A PEMDecoder configured for decryption will decode unencrypted PEM. Put `PEMDecoder` in `{@code}`. src/java.base/share/classes/java/security/PEMDecoder.java line 134: > 132: * } > 133: * > 134: * @implNote This implementation decodes {@code RSA PRIVATE KEY} as > {@code PRIVATE KEY}, Shall we say "decodes as" or "treat the same as"? You decode "RSA PRIVATE KEY" to `PrivateKey` and not "PRIVATE KEY". src/java.base/share/classes/java/security/PEMDecoder.java line 296: > 294: * {@link java.nio.charset.StandardCharsets#UTF_8 UTF-8}. > 295: * > 296: * @param str a String containing PEM data `string`, or `{@code String}`. Same for `decode(String, tClass)`. src/java.base/share/classes/java/security/PEMDecoder.java line 331: > 329: * <p> If no PEM data is found, an {@code EOFException} is thrown. > 330: * > 331: * @param is InputStream containing PEM data `{@code InputStream}`. Same for the other method. src/java.base/share/classes/java/security/PEMDecoder.java line 364: > 362: * {@link java.nio.charset.StandardCharsets#UTF_8 UTF-8}. > 363: * > 364: * @param <S> Class type parameter that extends {@code DEREncodable} Maybe `class`? Same with the other method. src/java.base/share/classes/java/security/PEMDecoder.java line 513: > 511: * > 512: * @param provider the factory provider > 513: * @return a new PEMDecoder instance configured with the {@code > Provider} `{code PEMDecoder}`. Same with `withDecryption`. src/java.base/share/classes/java/security/PEMEncoder.java line 53: > 51: * <p> Encoding can be performed on cryptographic objects that > 52: * implement {@link DEREncodable}. The {@link #encode(DEREncodable)} > 53: * and {@link #encodeToString(DEREncodable)} methods encode a DEREncodable `DEREncodable` should be in `{@code}`. src/java.base/share/classes/java/security/PEMEncoder.java line 54: > 52: * implement {@link DEREncodable}. The {@link #encode(DEREncodable)} > 53: * and {@link #encodeToString(DEREncodable)} methods encode a DEREncodable > 54: * into PEM and return the data in a byte array or String. If `String`, put in `{@code}`; or, `string`. ------------- PR Review: https://git.openjdk.org/jdk/pull/27147#pullrequestreview-3372477930 PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2457223956 PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2457229113 PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2457235405 PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2457250468 PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2457257641 PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2457263167 PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2457168711 PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2457172299
