On Tue, 26 Aug 2025 16:01:34 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   address Sean's comments

src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 125:

> 123:  * <p>
> 124:  * HPKE internally uses an AEAD cipher for message encryption and decryption.
> 125:  * As with any AEAD cipher, each {@code doFinal} call on the receiver side must

Should say something like IV must be set each time, so the next sentence makes 
more sense where you talk about IVs.

src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 128:

> 126:  * correspond to exactly one complete ciphertext, and the number and order of
> 127:  * calls must match on both sides. Unlike the direct use of an AEAD cipher,
> 128:  * however, an HPKE cipher manages nonce generation internally, and there is no

Suggest you avoid "nonce" and just use "IV" to avoid too many security terms.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2303767913
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2303766369
