JDK-8234465 : Encoded elliptic curve private keys should include the public point
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2019-11-12
  • Updated: 2020-01-11
  • Resolved: 2019-12-17
JDK 15: 15 b02 (Fixed)
Description
A DESCRIPTION OF THE PROBLEM :
According to RFC 5915 (https://tools.ietf.org/html/rfc5915), an ASN.1 encoded EC private key should contain the associated public key in the optional `publicKey` field.

"Though the ASN.1 indicates publicKey is OPTIONAL, implementations that conform to this document SHOULD always include the publicKey field."

EC private keys generated using the Sun EC provider omit this field. This would be acceptable / understandable in the case where the key was loaded from an external source or a keystore, as it would require some computation to obtain the public point.

However, when the key was generated by the Sun EC provider via `KeyPairGenerator.generateKeyPair().getPrivate()`, the public key is clearly available and could easily be included in the ASN.1 output without any computation. This would be a big help to consumers of such keys.
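
Added example (not part of the bug report and not JDK code): a small Python check that reports whether a DER-encoded EC private key, either a bare RFC 5915 `ECPrivateKey` or one wrapped in PKCS#8, carries the optional `publicKey` [1] field. The helper names are hypothetical and the sample keys are constructed from placeholder bytes, not a real key pair.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos (single-byte tags only)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def has_public_point(der):
    """True if an ECPrivateKey (bare RFC 5915 or inside PKCS#8) has publicKey [1]."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    items = children(body)
    # PKCS#8: INTEGER version, SEQUENCE algorithm, OCTET STRING holding ECPrivateKey
    if len(items) >= 3 and items[1][0] == 0x30 and items[2][0] == 0x04:
        return has_public_point(items[2][1])
    # RFC 5915: INTEGER 1, OCTET STRING key, [0] parameters, [1] publicKey
    if len(items) < 2 or items[0] != (0x02, b"\x01") or items[1][0] != 0x04:
        raise ValueError("not an ECPrivateKey")
    return any(t == 0xA1 for t, _ in items[2:])

def tlv(tag, value):
    """Minimal DER encoder for the constructed samples below (length < 256)."""
    n = len(value)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + value

def sample_pkcs8(with_public):
    """Constructed P-256-shaped key; scalar and point are placeholders, not a real pair."""
    fields = tlv(0x02, b"\x01") + tlv(0x04, bytes(range(1, 33)))
    if with_public:
        point = b"\x04" + bytes(64)  # uncompressed-point layout, dummy coordinates
        fields += tlv(0xA1, tlv(0x03, b"\x00" + point))
    alg = tlv(0x30, bytes.fromhex("06072a8648ce3d0201" "06082a8648ce3d030107"))
    return tlv(0x30, tlv(0x02, b"\x00") + alg + tlv(0x04, tlv(0x30, fields)))

if __name__ == "__main__":
    for flag in (False, True):
        print("publicKey present:", has_public_point(sample_pkcs8(flag)))
```

The same function can be pointed at the bytes returned by `PrivateKey.getEncoded()`, which for EC keys is a PKCS#8 structure.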



Comments
URL: https://hg.openjdk.java.net/jdk/jdk/rev/066bb54fba95 User: weijun Date: 2019-12-17 01:38:56 +0000
17-12-2019