open-quantum-safe / oqs-provider

OpenSSL 3 provider containing post-quantum algorithms
https://openquantumsafe.org
MIT License

PQ Key generation with kem-algorithms #564

Open dangvinc opened 6 hours ago

dangvinc commented 6 hours ago

Hi

Using OpenSSL 3.3.0 with OQS provider 0.6.1-dev, I tried to generate PQ keys and a Certificate Signing Request (CSR) using an MLKEM public key algorithm, e.g.:

$ openssl req -new -newkey mlkem512 -nodes -keyout mlkem512.key -out mlkem512.csr -subj "/CN=mlkem512 EE/C=BE"

but I faced the following exception:

exception: 484B041F797F0000:error:1D800065:ENCODER routines:OSSL_ENCODER_to_bio:reason(101):crypto/encode_decode/encoder_lib.c:55:No encoders were found. For standard encoders you need at least one of the default or base providers available. Did you forget to load them?

Using the "genpkey" option also returns the same error:

$ openssl genpkey -algorithm mlkem512 -out mlkem512.key

It looks like these openssl commands work only with signature algorithms, e.g. Dilithium, ML-DSA. Are there other openssl functions to generate keys and certificate requests for KEM algorithms (kyber, mlkem, ...)?

Thanks.

beldmit commented 6 hours ago

You should enable KEM decoders/encoders explicitly:

$ cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DOQS_KEM_ENCODERS=ON ..
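
A pre-flight check for the situation discussed in this thread, added here as an example (it is not from either commenter or from the oqs-provider project): before calling `genpkey` or `req`, confirm that the loaded oqsprovider build actually registers an encoder for the KEM algorithm. The function name `has_oqs_encoder`, the assumed `names @ provider (properties)` line layout of `openssl list -encoders`, and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads an `openssl list -encoders` listing on stdin and
# succeeds only if oqsprovider registers an encoder for algorithm $1.
# Assumed line layout: "  NAME @ provider (props)" or
#                      "  { alias1, alias2 } @ provider (props)".
has_oqs_encoder() {
    awk -v alg="$1" '
        {
            at = index($0, " @ ")
            if (at == 0) next                    # header or blank line
            names = substr($0, 1, at - 1)
            rest  = substr($0, at + 3)
            split(rest, r, " ")
            if (r[1] != "oqsprovider") next      # encoder from another provider
            gsub(/[{},]/, " ", names)            # flatten "{ a, b }" alias sets
            n = split(names, f, " ")
            for (i = 1; i <= n; i++)
                if (tolower(f[i]) == tolower(alg)) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: a build without KEM encoders (signature encoders only).
SAMPLE_NO_KEM='  { 1.2.840.113549.1.1.1, RSA, rsaEncryption } @ default (provider=default,output=pem,structure=PrivateKeyInfo)
  dilithium3 @ oqsprovider (provider=oqsprovider,output=pem,structure=PrivateKeyInfo)'

# Constructed sample: the same build after KEM encoders are enabled.
SAMPLE_KEM="$SAMPLE_NO_KEM
  mlkem512 @ oqsprovider (provider=oqsprovider,output=pem,structure=PrivateKeyInfo)"

# Usage against a live installation (not run here):
#   openssl list -encoders -provider oqsprovider -provider default \
#       | has_oqs_encoder mlkem512 \
#       || echo "no mlkem512 encoder: rebuild with -DOQS_KEM_ENCODERS=ON" >&2
```
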