Some libraries like the popular jjwt for JSON web tokens try to validate the key length to match the requested encryption algorithm (in my case, A256GCM).
This fails however because AesKey#getEncoded() returns null, which the jjwt library treats as 0 bits.
Would it be better if AesKey#getEncoded() threw UnsupportedOperationException, especially if the key is not extractable?
Some libraries like the popular jjwt for JSON web tokens try to validate the key length to match the requested encryption algorithm (in my case, A256GCM).
This fails however because
AesKey#getEncoded()
returnsnull
, which the jjwt library treats as0
bits.Would it be better if
AesKey#getEncoded()
threwUnsupportedOperationException
, especially if the key is not extractable?