You have to build the OQS provider using OQS_KEM_ENCODERS=on
--Guys,
I’m trying to generate an ML-KEM key-pair (well, and ML-DSA key-pair) using OpenSSL CLI, specifically “openssl genpkey”. I have OpenSSLS-3.4.0 installed, and “oqs-provider” built from the “main” branch.
I thought that the simple
openssl genpkey -algorithm mlkem1024 -out /tmp/pr.out -outpubkey /tmp/pub.out
should do the job. Obviously, that’s not the case, and I’m doing something wrong – would love any help and guidance. I hope it’s something really small that’s missing…?
$ openssl genpkey -algorithm mlkem1024 -out /tmp/pr.out -outpubkey /tmp/pub.out -verbose -provider oqs
Error writing key(s)
40CBE258F87F0000:error:1D800065:ENCODER routines:OSSL_ENCODER_to_bio:reason(101):crypto/encode_decode/encoder_lib.c:55:No encoders were found. For standard encoders you need at least one of the default or base providers available. Did you forget to load them?
40CBE258F87F0000:error:04800073:PEM routines:do_pk8pkey:error converting private key:crypto/pem/pem_pk8.c:133:
$ openssl list -providers
Providers:
default
name: OpenSSL Default Provider
version: 3.4.0
status: active
legacy
name: OpenSSL Legacy Provider
version: 3.4.0
status: active
oqs
name: OpenSSL OQS Provider
version: 0.7.1-dev
status: active
pkcs11
name: PKCS#11 Provider
version: 3.4.0
status: active
vigenere
version: 1.2
$ openssl version
OpenSSL 3.4.0 22 Oct 2024 (Library: OpenSSL 3.4.0 22 Oct 2024)
$
(Once these key-pairs are produced, I will try to create a certificate for the ML-KEM public key, signed by ML-DSA87 – so, if you can help me there as well, it would be outstanding.)
Thanks!
--
V/R,
Uri
There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
C. A. R. Hoare
I was a shepherd to fools
Causelessly bold or afraid.
They would not abide by my rules.
Yet they escaped. For I stayed.
R. Kipling “Epitaphs of the War. Convoy Escort”
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx.
To view this discussion visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/BN0P110MB14195B9F2F4AFD45ED2C8C6A903DA%40BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM.
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx.
To view this discussion visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/CADqLbzJ_StmC%2BkheeM-UvbtQDmp2CKaXHn41kNO2TZfhjvDwRA%40mail.gmail.com.