ClassCastException: com.android.org.conscrypt.OpenSSLX25519PublicKey cannot be cast to java.security.interfaces.XECPublicKey

[vvb2060]

I have a problem using a library in Android, I think x25519 public key should implement XECPublicKey.

Also initialize support is not complete, can I assume x25519 is not generally available in conscrypt?

[vvb2060]

another one, why conscrypt not using the correct XEC class?

java.security.spec.InvalidKeySpecException: Must use ECPublicKeySpec or X509EncodedKeySpec; was java.security.spec.XECPublicKeySpec
    at com.android.org.conscrypt.OpenSSLXDHKeyFactory.engineGeneratePublic(OpenSSLXDHKeyFactory.java:53)
    at java.security.KeyFactory.generatePublic(KeyFactory.java:361)
    at tech.kwik.agent15.extension.KeyShareExtension.rawToEncodedXDHPublicKey(KeyShareExtension.java:332)

[prbprbprb]

Yeah, it's very much on our roadmap but not trivial as the XEC classes are not available until Java 15 and Android API level 33, but we still support Java 8 and API level 20.

The (ugly) workaround if you have XEC KeySpecs would be to create SunJCE XECKeys from them and then extract the X509EncodedKeySpec.

Or, as it looks like you're using raw X25519 key bytes, you can create an instance of Conscrypt's XdhKeySpec with the raw data and pass that into tech.kwik.agent15.extension.KeyShareExtension.rawToEncodedXDHPublicKey.

[vvb2060]

Yeah, I modified agent15 library and successfully made x25519 work, but this workaround could not be submitted upstream, and finally I can only disable x25519 support for all Android version.