On Fri, 30 Aug 2024 23:26:12 GMT, Kevin Driver <kdri...@openjdk.org> wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are >> cryptographic algorithms for deriving additional keys from a secret key and >> other data. See [JEP 478](https://openjdk.org/jeps/478). >> >> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924). > > Kevin Driver has updated the pull request incrementally with one additional > commit since the last revision: > > change impl class to use byte arrays rather than SecretKey objects where > possible src/java.base/share/classes/javax/crypto/KDF.java line 89: > 87: * the {@code deriveKey} or {@code deriveData} method is called, and a > provider > 88: * is chosen that supports the parameters passed to the {@code deriveKey} > or > 89: * {@code deriveData} method. However, if {@code getProviderName} or This sentence is repeating what you said in the first sentence of the previous paragraph, so I don't think it is needed. Some suggested re-wordings (and a typo fix on `getKDFParameters` method name), starting this paragraph as: "If the {@code getProviderName} or {@code getParameters} method is called before the {@code deriveKey} or {@code deriveData} methods, the first provider supporting the KDF algorithm and optional {@code KDFParameters} is chosen. This provider may not support the key material that is subsequently passed to the deriveKey or deriveData methods. Therefore, it is recommended not to call the {@code getProviderName} or {@code getParameters} methods until after a key derivation operation. Once a provider is selected, it cannot be changed." ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1746055279
