On Thu, 28 Aug 2025 11:55:13 GMT, Weijun Wang <wei...@openjdk.org> wrote:

> > > Hi Sebastian, the API you suggested is only the KEM step, and it should 
> > > be made internal inside HPKE.
> > > At the end of the day, HPKE is still a cipher. I understand the key 
> > > encapsulation message (aka, KEM ciphertext) is different from a 
> > > traditional IV, but they share some key characteristics: 1) generated by 
> > > the sender after initialization, 2) cryptographically random, 3) then 
> > > made public, 4) has critical impact on encryption result.
> > 
> > 
> > To avoid some of this potential confusion, I think it could help to expand 
> > on the description of `Cipher.getIV()` to describe this new use case for 
> > IV, something like changing this sentence:
> > "This is useful in the case where a random IV was created, or in the 
> > context of password-based encryption or decryption, where the IV is derived 
> > from a user-supplied password."
> > to:
> > "This is useful in the case where a random IV was created, or in the 
> > context of password-based encryption or decryption, where the IV is derived 
> > from a user-supplied password, or in the case of HPKE (Hybrid Public Key 
> > Encryption) where IV contains the encapsulation of the KEM shared secret."
> 
> Good idea. Somehow I hesitate to update the base spec directly. Shall we put 
> the whole paragraph into an `@apiNote`? A similar paragraph also appears in 
> `CipherSpi::engineGetIV`.

Yes, making this text an API note, which is what it really is, is a really good 
idea.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/18411#issuecomment-3233362526