On 11/16/23 5:36 PM, Bernd Eckenfels wrote:
Anthony Scarpino wrote on 16. Nov 2023 23:47 (GMT +01:00):
Hi all,
We are proposing to add an API for PEM and a foundation for other
crypto encoding.
I like the modularity and that you do not try to squeeze it into the
existing services.
I wonder if you should also allow to set comment or generally text
headers when encoding and for decoding if you need access to the
comment.
There are some variants like „BEGIN PUBLiC SSH KEY“ maybe the JEP
should list the ones which are accepted
Does the encoder need to make the line configurable?
PEMEncoder/PEMDecoder support PKCS8 and X509, as those are the binary
encodings the JDK JCE providers support.
Other encodings, like SSH, OpenSSL, or JOSE, would be implemented in a
separate classes implementing Encoder<T> and Decoder<T>. Those classes
could parses the headers, footers, and binary encodings.
A single class parsing all encodings was too complicated. Allowing
developers to implement other Encoders/Decoders provides for
customization and potentially contributions back to the JDK.
Should initial version already support PQC keys?
It depends if PQC Key classes are availability by PEM integration.
Tony
