Question: how to create a certificate for ML-KEM pubkey? #4516

Open
mouse07410 opened this issue Jan 1, 2025 · 2 comments
Labels
enhancement Enhancement or new feature


@mouse07410
Contributor

Background

Using OpenSSL-3.4.0 with OQS provider (from Open Quantum Safe), I

  1. generated ML-DSA and ML-KEM key-pairs,
  2. created from ML-DSA key-pair an ML-DSA self-signed certificate to act as CA, and
  3. created an ML-KEM certificate from ML-KEM pubkey, signed by the above CA.

Botan-3.7.0 parsed the above certs and validated the ML-KEM cert.

Goal

I want to replicate the above (1)-(3) with Botan, aka generate keypairs and create corresponding certificates.

Current progress

  1. Generated key-pairs:
$ botan3 keygen --algo="ML-KEM" --params="ML-KEM-1024" > prkey-kem.pem
$ botan3 keygen --algo="ML-DSA" --params="ML-DSA-87" > prkey-dsa.pem
$ botan3 keygen --algo="ML-DSA" --params="ML-DSA-8x7" > prkey-dsa.pem
$ botan3 pkcs8 --pub-out prkey-kem.pem > pubkey-kem.pem
$ botan3 pkcs8 --pub-out prkey-dsa.pem > pubkey-dsa.pem
$
  2. Created CA (self-signed cert) from ML-DSA key-pair:
$ botan3 gen_self_signed prkey-dsa.pem "/CN=ML-DSA-CA" --ca > dsa-ca.pem
$

Problem

Cannot figure out how to create a certificate signed by the above CA for the ML-KEM public key. Would appreciate help.

@randombit
Owner

Currently this is not possible through the command line because the only flow for creating a signed certificate is to first create a PKCS10 request (botan gen_pkcs10) then sign it (botan sign_cert). PKCS10 uses a signature as proof of possession, and ML-KEM cannot sign.

You can create such a certificate using the (quite low level/escape hatch) function X509_CA::make_cert since this doesn't require involving PKCS10.

Can you share how you created these certs using OpenSSL? I thought OpenSSL similarly only had a PKCS10->cert flow, at least in the cli.

@mouse07410
Contributor Author

mouse07410 commented Jan 1, 2025

Currently this is not possible through the command line . . .

Respectfully request adding this capability.

Can you share how you created these certs using OpenSSL?

Certainly (assuming the key-pairs and ML-DSA CA cert have already been created):

openssl x509 -new -key prkey-dsa.pem -force_pubkey pubkey-kem.pem \
       -out kem-cert.pem \
       -subj "/CN=PQ_KEM_Entity"  \
       -set_issuer "/CN=Experimental_PQ_CA" \
       -days 360 \
       -extfile <(printf "keyUsage=keyEncipherment\n")

As you see, OpenSSL allows one to "force" the pubkey into a cert, bypassing the need for a CSR - as a CSR (obviously) is not possible for ML-KEM type of keys that can't perform a signing operation.

randombit added the enhancement label Jan 1, 2025