Bug ID: JDK-8347938 Switch to latest ML-KEM private key encoding

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 25
25Unresolved

In the implementation of [JEP-496](https://openjdk.org/jeps/496), the PKCS #8 encoding of an ML-KEM private key includes the complete private key material as defined in FIPS 203: `dk_PKE ‖ ek ‖ H(ek) ‖ z`. We also noted that "The encoding used by the ML-KEM KeyFactory is defined in [a draft IETF RFC](https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates/). We will track changes in this draft until it is published."

In November 2024, the 5th version of this draft clarified that "an ML-KEM private key is encoded by storing its 64-octet seed in the privateKey field", which is different from our current encoding format.

Later on, there have been more proposals on the encoding. See the mails at https://mailarchive.ietf.org/arch/msg/spasm/6iUmCadOg3PfGja7j26-MUXTUVk/ and https://mailarchive.ietf.org/arch/msg/spasm/50v8oLi5XObC7AIL4DH337_Anos/.

A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/24969 Date: 2025-04-30 15:43:31 +0000

30-04-2025

A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/23376 Date: 2025-01-30 22:00:07 +0000

30-01-2025

Blocks :	JDK-8339009 - JEP 496: Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism
CSR :	JDK-8349163 - Switch to latest ML-KEM private key encoding