> The private key encoding formats of ML-KEM and ML-DSA are updated to match > the latest IETF drafts at: > https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-11 > and > https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-certificates-10. > New security/system properties are introduced to determine which CHOICE a > private key is encoded when a new key pair is generated or when > `KeyFactory::translateKey` is called. > > By default, the choice is "seed". > > Both the encoding and the expanded format are stored inside a `NamedPKCS8Key` > now. When loading from a PKCS #8 key, the expanded format is calculated from > the input if it's seed only.
Weijun Wang has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 14 commits: - Merge branch 'master' into 8347938 - one RFC; some java.security word changes - fixed merge error - merge - merge - Ben comment - combine security properties description; remove one test - Merge branch 'master' into 8347938 - KeyChoices class - allow expanded to be null - ... and 4 more: https://git.openjdk.org/jdk/compare/20bd178b...dfbcaa09 ------------- Changes: https://git.openjdk.org/jdk/pull/24969/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=24969&range=09 Stats: 2458 lines in 24 files changed: 1699 ins; 548 del; 211 mod Patch: https://git.openjdk.org/jdk/pull/24969.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/24969/head:pull/24969 PR: https://git.openjdk.org/jdk/pull/24969
