How to generate ML-KEM key-pair?

["Blumenthal, Uri - 0553 - MITLL" <uri@xxxxxxxxxx>]

Guys,

 

I’m trying to generate an ML-KEM key-pair (well, and ML-DSA key-pair) using OpenSSL CLI, specifically “openssl genpkey”. I have OpenSSLS-3.4.0 installed, and “oqs-provider” built from the “main” branch.

 

I thought that the simple

 

openssl genpkey -algorithm mlkem1024 -out /tmp/pr.out -outpubkey /tmp/pub.out

 

should do the job. Obviously, that’s not the case, and I’m doing something wrong – would love any help and guidance. I hope it’s something really small that’s missing…?

 

$ openssl genpkey -algorithm mlkem1024 -out /tmp/pr.out -outpubkey /tmp/pub.out -verbose -provider oqs

Error writing key(s)

40CBE258F87F0000:error:1D800065:ENCODER routines:OSSL_ENCODER_to_bio:reason(101):crypto/encode_decode/encoder_lib.c:55:No encoders were found. For standard encoders you need at least one of the default or base providers available. Did you forget to load them?

40CBE258F87F0000:error:04800073:PEM routines:do_pk8pkey:error converting private key:crypto/pem/pem_pk8.c:133:

$ openssl list -providers

Providers:

  default

    name: OpenSSL Default Provider

    version: 3.4.0

    status: active

  legacy

    name: OpenSSL Legacy Provider

    version: 3.4.0

    status: active

  oqs

    name: OpenSSL OQS Provider

    version: 0.7.1-dev

    status: active

  pkcs11

    name: PKCS#11 Provider

    version: 3.4.0

    status: active

  vigenere

    version: 1.2

$ openssl version

OpenSSL 3.4.0 22 Oct 2024 (Library: OpenSSL 3.4.0 22 Oct 2024)

$

 

(Once these key-pairs are produced, I will try to create a certificate for the ML-KEM public key, signed by ML-DSA87 – so, if you can help me there as well, it would be outstanding.)

 

Thanks!

--

V/R,

Uri

 

There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.

The other is to make it so complex there are no obvious deficiencies.

                                                                                                                                        C. A. R. Hoare

 

I was a shepherd to fools

Causelessly bold or afraid.

They would not abide by my rules.

Yet they escaped. For I stayed.

                                    R. Kipling “Epitaphs of the War. Convoy Escort”

 

--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx.
To view this discussion visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/BN0P110MB14195B9F2F4AFD45ED2C8C6A903DA%40BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM.

Attachment: smime.p7s
Description: S/MIME cryptographic signature