We should add the following two methods to the class javax.crypto.EncryptedPrivateKeyInfo:
    public PKCS8EncodedKeySpec getKeySpec(Key key)
        throws InvalidKeySpecException
    public PKCS8EncodedKeySpec getKeySpec(Key key, String provider)
        throws InvalidKeySpecException
Justification:
a) In this approach, the getKeySpec method creates a cipher object for the
appropriate decryption algorithm and initializes it with the given
decryption key and the algorithm parameters (if any) that were stored in
the EncryptedPrivateKeyInfo object.
This approach has the advantage that the party who retrieves the
PKCS8EncodedKeySpec object does not need to keep track of the parameters
(e.g., an IV, algorithm name, cipher mode, padding scheme and so on) that
were used to encrypt the PKCS8EncodedKeySpec object.
b) (Consistency point of view)
Follow the same design principle used by other Java APIs.
For example, look at
http://java.sun.com/j2se/1.4/docs/api/javax/crypto/SealedObject.html
The following two methods are provided for the SealedObject class:
    getObject(Key key)
    getObject(Key key, String provider)
Since the SealedObject and EncryptedPrivateKeyInfo classes are kind of similar,
should they offer a similar set of APIs in order to achieve the same
level of EOU (ease of use)?
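
Added example (not part of the original request): the difference described in point a), shown by recovering the same key through getKeySpec(Cipher) and through the key-only getKeySpec(Key) overload, which ships in JDK 5 and later with NoSuchAlgorithmException and InvalidKeyException as its declared exceptions rather than the InvalidKeySpecException proposed here. The class name, the password, the RSA key and the choice of PBEWithSHA1AndDESede are assumptions constructed for the demo.

```java
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class EpkiGetKeySpecDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample input: throwaway RSA key, demo password, demo PBE algorithm.
        String alg = "PBEWithSHA1AndDESede"; // assumption: picked only for this demo
        char[] password = "constructed-demo-password".toCharArray();
        byte[] pkcs8 = KeyPairGenerator.getInstance("RSA")
                .generateKeyPair().getPrivate().getEncoded();
        SecretKey pbeKey = SecretKeyFactory.getInstance(alg)
                .generateSecret(new PBEKeySpec(password));

        // Sender: encrypt with a random salt; salt and count travel inside the structure.
        byte[] salt = new byte[20];
        new SecureRandom().nextBytes(salt);
        Cipher enc = Cipher.getInstance(alg);
        enc.init(Cipher.ENCRYPT_MODE, pbeKey, new PBEParameterSpec(salt, 100_000));
        byte[] wire = new EncryptedPrivateKeyInfo(
                enc.getParameters(), enc.doFinal(pkcs8)).getEncoded();

        // Receiver holds only the DER bytes and the key.
        EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(wire);

        // getKeySpec(Cipher): the caller rebuilds the cipher from the stored metadata.
        Cipher dec = Cipher.getInstance(epki.getAlgName());
        dec.init(Cipher.DECRYPT_MODE, pbeKey, epki.getAlgParameters());
        PKCS8EncodedKeySpec viaCipher = epki.getKeySpec(dec);

        // getKeySpec(Key): the object builds and initializes the cipher itself.
        PKCS8EncodedKeySpec viaKey = epki.getKeySpec(pbeKey);

        if (!Arrays.equals(pkcs8, viaCipher.getEncoded())
                || !Arrays.equals(pkcs8, viaKey.getEncoded())) {
            throw new IllegalStateException("recovered key differs from original");
        }
        // The recovered spec is a usable private key again.
        KeyFactory.getInstance("RSA").generatePrivate(viaKey);
        System.out.println("both routes recovered the key; algorithm = " + epki.getAlgName());
    }
}
```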