Bug ID: JDK-8347941 Switch to latest ML-DSA private key encoding

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 25
25Unresolved

In the implementation of [JEP-497](https://openjdk.org/jeps/497), the PKCS #8 encoding of an ML-DSA private key includes the complete private key material as defined in FIPS 204: `skEncode(𝜌, 𝐾, 𝑡𝑟, 𝐬1, 𝐬2, 𝐭0)`. We also noted that "The encoding used by the ML-DSA KeyFactory is defined in [a draft IETF RFC](https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates). We will track changes in this draft until it is published."

In November 2024, the 5th version of this draft clarified that "An ML-DSA private key is encoded by storing its 32-octet seed in the privateKey field". which is different from our current encoding format.

Later on, there have been more proposals on the encoding. See the mails at https://mailarchive.ietf.org/arch/msg/spasm/6iUmCadOg3PfGja7j26-MUXTUVk/ and https://mailarchive.ietf.org/arch/msg/spasm/50v8oLi5XObC7AIL4DH337_Anos/.

A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/24969 Date: 2025-04-30 15:43:31 +0000

30-04-2025

A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/23376 Date: 2025-01-30 22:00:07 +0000

30-01-2025

Blocks :	JDK-8339010 - JEP 497: Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm
CSR :	JDK-8349164 - Switch to latest ML-DSA private key encoding