Additional Pkcs10CertificationRequest constructor for interoperability

bcgit / bc-csharp

BouncyCastle.NET Cryptography Library (Mirror)

https://www.bouncycastle.org/csharp

MIT License

1.68k stars 558 forks source link

Additional Pkcs10CertificationRequest constructor for interoperability #560

Closed bencemali closed 2 months ago

bencemali commented 2 months ago

Creating a Pkcs10CertificationRequest instance with key types not handled by SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo require heavy workarounds, and adding a constructor taking an already constructed SubjectPublicKeyInfo would help facilitate pqc/custom keys in Pkcs10CertificationRequest CSRs.

peterdettman commented 2 months ago

Merged, thanks for the PR.

Sidenote: the recently standardized PQC algorithms will be getting integrated into the regular factories/registries soon.

bencemali commented 2 months ago

Thanks @peterdettman! Are there any efforts to support pqc hybrids with ec/rsa keys also in the regular factories/registries? I am thinking of a general HybridKeyParameters, not a separate implementation for all the different combinations. I guess at first only the standardized algorithms would have to be accounted for in these hybrids, but then it could be expanded. OIDs for the hybrids could be imported from oqs-provider for example. If there's nothing yet I could provide a PoC in a few days.