On Fri, 12 Mar 2021 22:06:40 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Hi @wangweij Thanks for your review. As @SalusaSecondus commented, >> RSAPrivateKeyCrtSpec should be favored over RSAPrivateKeySpec when the >> PrivateKey is a Crt Key. I just modified our JTreg test to include all four >> cases described in the PR description. > > I still cannot understand why CRT is always preferred. The original > implementation also hadn't done that. I believe that the original implementation intended to do this but made a mistake. This is why the original implementation (with the backwards `isAssignableFrom` logic) first checked to see if it could use CRT (as it had more information) and only afterwards fell back to seeing if it could use `RSAPrivateKeySpec`. RSA CRT keys are much more efficient than normal RSA private keys and also result in more a more standard compliant output when serialized to PKCS#8 format (which technically requires the CRT parameters to be present). Thus, I believe we should try to preserve the CRT parameters whenever possible for our users. Now users who request an `RSAPrivateKeySpec` and then use it to later create a new key (using `KeyFactory.generatePrivate`) can keep the significant performance benefits for that private key. ------------- PR: https://git.openjdk.java.net/jdk/pull/2949
