open-quantum-safe / oqs-demos

PARTIALLY SUPPORTED Instructions for enabling the use of quantum-safe cryptography in assorted software using the OQS suite. CONTRIBUTORS WANTED.
https://openquantumsafe.org/

qteslapi is not supported by oqs openssl #267

Closed itrider-gh closed 9 months ago

itrider-gh commented 9 months ago

The qteslapi algorithm does not work for the creation of a CA Key and a certificate.

I use the command shown in the image documentation https://hub.docker.com/r/openquantumsafe/httpd

# create and enter directory to contain keys and certificates
mkdir -p server-pki && cd server-pki

# create CA key and certificate using qteslapi
docker run -v `pwd`:/opt/tmp -it openquantumsafe/curl openssl req -x509 -new -newkey qteslapi -keyout /opt/tmp/CA.key -out /opt/tmp/CA.crt -nodes -subj "/CN=oqstest CA" -days 365

# create server key using dilithium2
docker run -v `pwd`:/opt/tmp -it openquantumsafe/curl openssl req -new -newkey dilithium2 -keyout /opt/tmp/server.key -out /opt/tmp/server.csr -nodes -subj "/CN=httpd.server.my.org"

# create server certificate
docker run -v `pwd`:/opt/tmp -it openquantumsafe/curl openssl x509 -req -in /opt/tmp/server.csr -out /opt/tmp/server.crt -CA /opt/tmp/CA.crt -CAkey /opt/tmp/CA.key -CAcreateserial -days 365

The error is as follows:

Error allocating keygen context
481DD4B66A7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (qteslapi : 0), Properties (<null>)

dilithium2 works well for this application. Has qteslapi support been disabled when switching to OpenSSL v3?

dstebila commented 9 months ago

We removed support for qTesla in 2020 after it was removed from the NIST PQC competition after Round 2.

https://github.com/open-quantum-safe/liboqs/pull/810
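
A pre-flight check for the failure reported above, as an added example that is not part of the thread or of the OQS project's own tooling: it tests whether a `-newkey` name appears in the output of `openssl list -signature-algorithms` before any key is generated. The function names and the sample listing are constructed for illustration, and the wrapper assumes the image's default OpenSSL configuration loads the OQS provider.

```shell
#!/bin/sh
# Added example: confirm a signature algorithm is offered by the OpenSSL 3
# build before running `openssl req -newkey <alg>`, so a removed algorithm
# is caught up front rather than as "Error allocating keygen context".

# alg_in_listing NAME
# Reads `openssl list -signature-algorithms` output on stdin and succeeds
# only if NAME matches one listed name or alias exactly (case-insensitive).
# Listing lines look like:
#   dilithium2 @ oqsprovider
#   { 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default
alg_in_listing() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    # Drop the "@ provider" suffix and braces, split aliases onto separate
    # lines, trim whitespace, lowercase, then require a whole-line match.
    sed -e 's/ @ .*$//' -e 's/[{}]//g' |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        tr '[:upper:]' '[:lower:]' |
        grep -Fxq -- "$want"
}

# check_newkey_alg NAME [IMAGE]
# Hypothetical wrapper: asks the openssl binary inside the image used in
# this thread. Assumes the image's default config activates the OQS provider.
check_newkey_alg() {
    docker run --rm "${2:-openquantumsafe/curl}" \
        openssl list -signature-algorithms | alg_in_listing "$1"
}

# Constructed sample listing (not captured from a real image), so the
# parser can be exercised offline.
sample_listing() {
    cat <<'EOF'
  { 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default
  { 1.3.101.112, ED25519 } @ default
  dilithium2 @ oqsprovider
  dilithium3 @ oqsprovider
EOF
}

# Usage:
#   check_newkey_alg dilithium2 || echo "dilithium2 not available" >&2
```

Because the match is on the whole name, a prefix such as `dilithium` does not pass for `dilithium2`.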