open-quantum-safe / oqs-provider

OpenSSL 3 provider containing post-quantum algorithms
https://openquantumsafe.org
MIT License

PQ Key generation with kem-algorithms #564

Closed dangvinc closed 2 weeks ago

dangvinc commented 3 weeks ago

Hi

Using OpenSSL 3.3.0 with OQS provider 0.6.1-dev, I tried to generate PQ keys and a Certificate Signing Request (CSR) using the MLKEM public key algorithm, e.g.:

$ openssl req -new -newkey mlkem512 -nodes -keyout mlkem512.key -out mlkem512.csr -subj "/CN=mlkem512 EE/C=BE"

but I faced the following exception:

exception: 484B041F797F0000:error:1D800065:ENCODER routines:OSSL_ENCODER_to_bio:reason(101):crypto/encode_decode/encoder_lib.c:55:No encoders were found. For standard encoders you need at least one of the default or base providers available. Did you forget to load them?

Using the "genpkey" option also returns the same error:

$ openssl genpkey -algorithm mlkem512 -out mlkem512.key

It looks like these openssl commands work only with signature algorithms, e.g. Dilithium, ML-DSA. Are there other openssl functions to generate keys and cert requests for KEM algorithms (kyber, mlkem, ...)?

Thanks.

beldmit commented 3 weeks ago

You should enable KEM decoders/encoders explicitly:

$ cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DOQS_KEM_ENCODERS=ON ..

dangvinc commented 2 weeks ago

Many thanks for your response. I'm going to recompile the oqs ... hope that can resolve our issue.

baentsch commented 2 weeks ago

Transforming to discussion to find this easier as an FAQ.