ralienpp / eu-rail-keyusages


about the cryptography library you used #1

Closed Aswin2203 closed 2 weeks ago

Aswin2203 commented 2 weeks ago

Hi @ralienpp, I have a query about the cryptography library that you have forked on GitHub. I have also read a discussion on that crypto library's repository roadmap.

My query is: is there any library in Python that can generate an X509 certificate using a Post Quantum Cryptography [Open Quantum Safe] algorithm key pair [like Dilithium], or is there any other way to generate an X509 certificate using PQC key pairs? It would be very helpful if you could provide me with a solution.

If I generate a certificate with a Dilithium key pair using the cryptography library, I get this error: ValueError: Unknown key type: 1.3.6.1.4.1.2.267.12.6.5

ralienpp commented 2 weeks ago

Hi, the cryptography library is waiting for OpenSSL to implement the post-quantum algorithms, so they're not available and probably won't be there soon.

To achieve what you want, the current approach would be:

  1. Generate the certificate structure using a library like pyasn1.
  2. Generate a Dilithium key-pair with the Python wrapper for liboqs (Open Quantum Safe); note that Dilithium is now "ML-DSA".
  3. Update the structure from step #1 with the public key and the OID for it.
  4. Sign the updated structure with the key from step #2.
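
The four steps above, sketched as an added example that is not code from either participant or from the repository. It hand-encodes the DER with the standard library instead of pyasn1, and takes the public key and a signing callable as parameters; both are assumed to come from liboqs-python (`oqs.Signature(...).generate_keypair()` and `.sign()`), which is not imported here. The helper names are illustrative and no extensions are added.

```python
import datetime

# OID taken from the ValueError quoted in this thread; it must match the
# algorithm of the key that actually signs.
PQ_OID = "1.3.6.1.4.1.2.267.12.6.5"

def tlv(tag, body):  # DER tag-length-value with a definite length
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def seq(*parts):
    return tlv(0x30, b"".join(parts))

def integer(v):  # non-negative INTEGER, leading 0x00 when the top bit is set
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:  # base-128, high bit set on all but the last byte
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def bitstring(data):
    return tlv(0x03, b"\x00" + data)  # 0 unused bits
def name(cn):  # Name holding one commonName (2.5.4.3) as UTF8String
    return seq(tlv(0x31, seq(oid("2.5.4.3"), tlv(0x0C, cn.encode()))))
def utctime(dt):
    return tlv(0x17, dt.strftime("%y%m%d%H%M%SZ").encode())

def build_cert(cn, public_key, sign, serial=1, days=365):
    """Self-signed v3 certificate; sign is a callable bytes -> signature bytes."""
    now = datetime.datetime.now(datetime.timezone.utc)
    alg = seq(oid(PQ_OID))  # AlgorithmIdentifier, parameters absent
    tbs = seq(
        tlv(0xA0, integer(2)), integer(serial), alg,  # version, serial, sig alg
        name(cn),                                     # issuer (same as subject)
        seq(utctime(now), utctime(now + datetime.timedelta(days=days))),
        name(cn),                                     # subject
        seq(alg, bitstring(public_key)),              # step 3: SubjectPublicKeyInfo
    )
    return seq(tbs, alg, bitstring(sign(tbs)))        # step 4: sign the TBS DER
```

The same OID appears three times in the output (inner signature algorithm, SubjectPublicKeyInfo, outer signature algorithm), and the signature covers exactly the DER bytes of the first inner SEQUENCE.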

ralienpp commented 2 weeks ago

P.S. I would also reconsider the requirements: do you really need it to be done in Python? You can use the OpenQuantumSafe opensslv3 Docker image to get an environment where you can generate such certificates from the command line with OpenSSL. That would be much easier.

Aswin2203 commented 2 weeks ago

@ralienpp Thank you for your explanation; I got some ideas from it to proceed with my goal. Adding to your point, I actually need to implement this in Python for a purpose, so I was looking for a solution.