Summary

Introduce an API for encoding and decoding the Privacy-Enhanced Mail (PEM) format. The PEM format is used for storing and sending cryptographic keys and certificates.

Problem

PEM is a textual encoding used for storing and transferring security objects, such as asymmetric keys, certificates, and certificate revocation lists (CRLs). Defined in RFC 1421 and RFC 7468, PEM consists of a Base64-formatted binary encoding surrounded by a header and footer identifying the type.

The Java API does not provide an easy-to-use implementation of PEM. It leaves much of the work to the developer; from using trial-and-error techniques to discover the binary encoded key algorithm, to stripping or adding PEM headers and footers, to creating all the encryption objects necessary to encrypt or decrypt a private key. This complexity drives users to find other solutions. Java can simplify these tasks by providing an internal parser to obtain the key algorithm and a simple API to read and write PEM textual data. The next two sections will illustrate how the current Java APIs are lacking and tedious to use for reading and writing PEM textual data.

Solution

Provide new API to encode and decode PEM data. Alternative API designs are documented in the JEP (https://bugs.openjdk.org/browse/JDK-8300911).

Specification

See attached spec files