diff options
author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-10-19 12:40:34 +0200 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-10-19 12:40:34 +0200 |
commit | 82c8d614762c3e4bb0abc14148a1fba1ca3182e5 (patch) | |
tree | bcbd539039e4e0b3ed4c35f41959eecb54994fbd /security-utils/src/main/java/com/yahoo/security/hpke/Kem.java | |
parent | 9bd0a86bba6280aded2ff575ba095a446d6aa4e7 (diff) |
Add X25519 private to public key extraction and use for HPKE opening
Avoids the need to pass the full key pair when opening a sealed piece
of ciphertext, since we can just extract the public key on-demand.
Uses BouncyCastle X25519 utils under the hood.
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/hpke/Kem.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/hpke/Kem.java | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/hpke/Kem.java b/security-utils/src/main/java/com/yahoo/security/hpke/Kem.java index 7bbb2df0960..99c019a9d0b 100644 --- a/security-utils/src/main/java/com/yahoo/security/hpke/Kem.java +++ b/security-utils/src/main/java/com/yahoo/security/hpke/Kem.java @@ -4,6 +4,7 @@ package com.yahoo.security.hpke; import com.yahoo.security.KeyUtils; import java.security.KeyPair; +import java.security.interfaces.XECPrivateKey; import java.security.interfaces.XECPublicKey; /** @@ -30,10 +31,8 @@ public interface Kem { * "Deterministic algorithm using the private key <code>skR</code> to recover the * ephemeral symmetric key (the KEM shared secret) from its encapsulated * representation <code>enc</code>." - * - * TODO just take skR instead of entire key pair */ - byte[] decap(byte[] enc, KeyPair kpR); + byte[] decap(byte[] enc, XECPrivateKey skR); /** The length in bytes of a KEM shared secret produced by this KEM. */ short nSecret(); |