On Thu, 1 Sep 2022 23:25:16 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> Since the algorithm is already encoded inside a PKCS #8 data block, it is not
> necessary to provide an algorithm when a `PKCS8EncodedKeySpec` object is
> created. The same for `X509EncodedKeySpec`.

src/java.base/share/classes/java/security/spec/EncodedKeySpec.java line 109:

> 107: * If this object is created with {@link #EncodedKeySpec(byte[])}, this method in
> 108: * this base class returns {@code null}. A child class may parse the content of the encoded
> 109: * key and return its algorithm name if one can be recovered.

Personally I think it sounds better to say "key and return its algorithm name if it can be determined."

src/java.base/share/classes/java/security/spec/PKCS8EncodedKeySpec.java line 73:

> 71: * it will be returned. Otherwise, the object identifier inside the `privateKeyAlgorithm`
> 72: * field is returned in its string format (For example, "1.3.14.7.2.1.1").
> 73: * If the encoded key cannot be parsed correctly, the algorithm will be null.

Is this that OID format last week we talked about with passing algorithms we don't know to another provider?

-------------

PR: https://git.openjdk.org/jdk/pull/10131
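The PKCS #8 structure the quoted Javadoc refers to, as an added example that is not code from the pull request or the JDK: it recovers the dotted `privateKeyAlgorithm` OID from an encoded key by hand and returns null for input that cannot be parsed. The class and method names (`Pkcs8AlgorithmOid`, `header`, `algorithmOid`) are hypothetical, and only definite-length DER is handled.

```java
import java.security.KeyPairGenerator;
import java.security.spec.PKCS8EncodedKeySpec;

public class Pkcs8AlgorithmOid {   // hypothetical class name, not part of the JDK
    // Check the DER tag at pos[0], then return the content length, leaving pos[0] at the content.
    static int header(byte[] der, int[] pos, int tag) {
        if ((der[pos[0]++] & 0xff) != tag) throw new IllegalArgumentException("unexpected tag");
        int b = der[pos[0]++] & 0xff;
        if (b < 0x80) return b;                       // short-form length
        int n = b & 0x7f, len = 0;                    // long form: n length octets follow
        if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
        for (int i = 0; i < n; i++) len = (len << 8) | (der[pos[0]++] & 0xff);
        return len;
    }

    // Dotted OID from the privateKeyAlgorithm field, or null if the encoding cannot be parsed.
    static String algorithmOid(byte[] pkcs8) {
        try {
            int[] pos = {0};
            header(pkcs8, pos, 0x30);                     // PrivateKeyInfo SEQUENCE
            int versionLen = header(pkcs8, pos, 0x02);    // version INTEGER
            pos[0] += versionLen;                         // skip the version value
            header(pkcs8, pos, 0x30);                     // AlgorithmIdentifier SEQUENCE
            int oidLen = header(pkcs8, pos, 0x06);        // algorithm OBJECT IDENTIFIER
            int end = pos[0] + oidLen;
            if (oidLen == 0 || end > pkcs8.length || (pkcs8[end - 1] & 0x80) != 0) return null;
            StringBuilder oid = new StringBuilder();
            long arc = 0;
            for (int i = pos[0]; i < end; i++) {
                arc = (arc << 7) | (pkcs8[i] & 0x7f);
                if ((pkcs8[i] & 0x80) != 0) continue;     // arc continues in the next octet
                if (oid.length() == 0) {                  // first value packs the first two arcs
                    long top = Math.min(arc / 40, 2);
                    oid.append(top).append('.').append(arc - 40 * top);
                } else oid.append('.').append(arc);
                arc = 0;
            }
            return oid.toString();
        } catch (RuntimeException e) {                    // truncated or malformed input
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] der = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate().getEncoded();
        // Spec created without an algorithm name, as the pull request description proposes.
        System.out.println(algorithmOid(new PKCS8EncodedKeySpec(der).getEncoded()));
        System.out.println(algorithmOid(new byte[] {0x30, 0x03, 0x01}));  // constructed bad input
    }
}
```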