jrihtarsic commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1417624672
########## src/main/java/org/apache/xml/security/encryption/params/KeyDerivationParameter.java: ########## @@ -0,0 +1,42 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.xml.security.encryption.params; + +import java.security.spec.AlgorithmParameterSpec; + +/** + * This class contains the basic parameters used for key derivation. + */ +public class KeyDerivationParameter implements AlgorithmParameterSpec { Review Comment: I change it to abstract class for now. FYI I have already prepare next PR to support HKDF as an option for key agreement and I can update/change the design pattern in next PR. Regarding the AlgorithmParameterSpec, my initial idea (for some future PRs) was to implement KeyAgreementSpi and use keyderivationParameter as input parameter to allow other implementers to provide their own key-derivation implementations if used algorithms using the JCA/JCE as example. ``` KeyDerivationParameter keyDerivationParameter = new ConcatKeyDerivationParameter(256, ALGO_ID_DIGEST_SHA256); KeyAgreement keyAgreement = keyAgreement.getInstance(keyAgreementAlgorithm); keyAgreement.init(keyPairOriginator.getPrivate(), keyDerivationParameter); .... byte[] finalKeyAgreementSecret = keyAgreement.generateSecret(); ``` But if you think this is not good approach I will just remove the AlgorithmParameterSpec -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@santuario.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
