-
Bug
-
Resolution: Unresolved
-
P4
-
24, 25
-
None
-
generic
-
generic
Hello,
With the keytool command one can generate an ML-KEM key pair and sign the certificate with an EC key (similar to https://openjdk.org/jeps/496):
echo "Creating SERVER keypair"
keytool -genkeypair \
-alias $SERVER_ALIAS \
-keyalg ec \
-dname "CN=localhost, OU=Dev, O=MyOrg, L=City, ST=State, C=US" \
-validity 365 \
-keystore server.p12 \
-storetype PKCS12 \
-storepass $PASSWORD \
-keypass $PASSWORD
keytool -keystore server.p12 \
-storepass $PASSWORD \
-genkeypair -alias server-mlkem \
-keyalg ML-KEM-768 \
-dname "CN=localhost, OU=Dev, O=MyOrg, L=City, ST=State, C=US" \
-signer $SERVER_ALIAS
When monitoring for X509 certificate details via `jdk.X509Certificate`, I've registered the following event for the ML-KEM key, mentioning that the keyLength is -1:
jdk.X509Certificate {
startTime = 10:40:10.001 (2025-06-04)
algorithm = "SHA384withECDSA"
serialNumber = "2c:37:78:b9:15:08:56:97"
subject = "CN=localhost, OU=Dev, O=MyOrg, L=City, ST=State, C=US"
issuer = "CN=localhost, OU=Dev, O=MyOrg, L=City, ST=State, C=US"
keyType = "ML-KEM"
keyLength = -1
certificateId = 3999547851
validFrom = 14:37:39.000 (2025-06-03)
validUntil = 14:37:39.000 (2025-09-01)
eventThread = "main" (javaThreadId = 3)
stackTrace = [
sun.security.jca.JCAUtil.tryCommitCertEvent(Certificate) line: 128
java.security.cert.CertificateFactory.generateCertificate(InputStream) line: 360
sun.security.pkcs12.PKCS12KeyStore.loadSafeContents(DerInputStream) line: 2406
sun.security.pkcs12.PKCS12KeyStore.lambda$engineLoad$0(AlgorithmParameters, byte[], char[]) line: 2105
sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore$RetryWithZero, char[]) line: 254
]
}
The key length of an asymmetric key refers to the size of its modulus, but post-quantum algorithms based on lattice cryptography, such as ML-KEM, do not use a modulus. Instead NIST assigns a security category to each standardized parameter set: for example, ML-KEM-768 is assigned to category 3, and ML-DSA-87 to category 5. So the -1 value seems to stand for "Not Available" in this case, but maybe a better solution or documentation would explain how JFR captures details when post-quantum cryptography algorithms are used.
With the keytool command one can generate an ML-KEM key pair and sign the certificate with an EC key (similar to https://openjdk.org/jeps/496):
echo "Creating SERVER keypair"
keytool -genkeypair \
-alias $SERVER_ALIAS \
-keyalg ec \
-dname "CN=localhost, OU=Dev, O=MyOrg, L=City, ST=State, C=US" \
-validity 365 \
-keystore server.p12 \
-storetype PKCS12 \
-storepass $PASSWORD \
-keypass $PASSWORD
keytool -keystore server.p12 \
-storepass $PASSWORD \
-genkeypair -alias server-mlkem \
-keyalg ML-KEM-768 \
-dname "CN=localhost, OU=Dev, O=MyOrg, L=City, ST=State, C=US" \
-signer $SERVER_ALIAS
When monitoring for X509 certificate details via `jdk.X509Certificate`, I've registered the following event for the ML-KEM key, mentioning that the keyLength is -1:
jdk.X509Certificate {
startTime = 10:40:10.001 (2025-06-04)
algorithm = "SHA384withECDSA"
serialNumber = "2c:37:78:b9:15:08:56:97"
subject = "CN=localhost, OU=Dev, O=MyOrg, L=City, ST=State, C=US"
issuer = "CN=localhost, OU=Dev, O=MyOrg, L=City, ST=State, C=US"
keyType = "ML-KEM"
keyLength = -1
certificateId = 3999547851
validFrom = 14:37:39.000 (2025-06-03)
validUntil = 14:37:39.000 (2025-09-01)
eventThread = "main" (javaThreadId = 3)
stackTrace = [
sun.security.jca.JCAUtil.tryCommitCertEvent(Certificate) line: 128
java.security.cert.CertificateFactory.generateCertificate(InputStream) line: 360
sun.security.pkcs12.PKCS12KeyStore.loadSafeContents(DerInputStream) line: 2406
sun.security.pkcs12.PKCS12KeyStore.lambda$engineLoad$0(AlgorithmParameters, byte[], char[]) line: 2105
sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore$RetryWithZero, char[]) line: 254
]
}
The key length of an asymmetric key refers to the size of its modulus, but post-quantum algorithms based on lattice cryptography, such as ML-KEM, do not use a modulus. Instead NIST assigns a security category to each standardized parameter set: for example, ML-KEM-768 is assigned to category 3, and ML-DSA-87 to category 5. So the -1 value seems to stand for "Not Available" in this case, but maybe a better solution or documentation would explain how JFR captures details when post-quantum cryptography algorithms are used.
- links to
-
Review(master)
openjdk/jdk/25642