PQ Key generation with kem-algorithms

[dangvinc]

Hi

Using OpenSSL 3.3.0 with OQS provider 0.6.1-dev I tried to generate PQ keys and Certificate Signing Request (CSR) using MLKEM public key algorithm e.g.:

$ openssl req -new -newkey mlkem512 -nodes -keyout mlkem512.key -out mlkem512.csr -subj "/CN=mlkem512 EE/C=BE"

but I faced the following exception:

exception: 484B041F797F0000:error:1D800065:ENCODER routines:OSSL_ENCODER_to_bio:reason(101):crypto/encode_decode/encoder_l
ib.c:55:No encoders were found. For standard encoders you need at least one of the default or base providers available. Did you forget to load them? 

Using the "genpkey" option, also returns the same error: $ openssl genpkey -algorithm mlkem512 -out mlkem512.key

It looks like these openssl commands work only with signature-algorithms e.g. Dilithium, ML-DSA. Are there other openssl functions to generate keys and certrequest for kem-algorithms (kyber, mlkem..) ?

Thanks.

[beldmit]

You should enable KEM decoders/encoders explicitly cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DOQS_KEM_ENCODERS=ON ..

[dangvinc]

Many thanks for your respond. I'm going to recompile the oqs ... hope that can resolve our issue.

[baentsch]

Transforming to discussion to find this easier as an FAQ.