-
Type:
Enhancement
-
Resolution: Unresolved
-
Priority:
P4
-
None
-
Affects Version/s: None
-
Component/s: security-libs
-
None
There are 2 problems with DHKEM on PKCS11:
1. DHKEM requires the ability to get the public key from a private key (https://www.rfc-editor.org/rfc/rfc9180.html#section-3-2.4). Back inJDK-8305310, we did this for EC and XDH in the SunEC provider. The function is not available in PKCS #11. Note that there is no XDH support in SunPKCS11 yet.
2. The full Encapsulator.encapsulate and Decapsulator.decapsulate methods accept from and to arguments to return a slice of the shared secrets as the resulting key. However, if the shared secrets are held in an unextractable key, there is currently no way to obtain this slice.
1. DHKEM requires the ability to get the public key from a private key (https://www.rfc-editor.org/rfc/rfc9180.html#section-3-2.4). Back in
2. The full Encapsulator.encapsulate and Decapsulator.decapsulate methods accept from and to arguments to return a slice of the shared secrets as the resulting key. However, if the shared secrets are held in an unextractable key, there is currently no way to obtain this slice.
- links to
-
Review(master)
openjdk/jdk/23651