could you help me, using the two key-pairs above, create (a) a self-signed certificate for the ML-DSA-87 pubkey with ML-DSA-87 as signature algorithm, and SHA384 as hash, and (b) a certificate for the above ML-KEM-1024 public key signed by the above ML-DSA-87 key?
Some quick thoughts:
To my knowledge, there is no OID for ML-DSA with SHA384 pre-hashing. NIST defines OIDs only for ML-DSA with SHA512 pre-hashing. So, your requirement for SHA384 pre-hash is not possible to implement, at least not in an interoperable standard way.
ML-KEM is not designed for signing; it is used for key encapsulation and decapsulation. So, it is not possible to use traditional CSR approaches like in RSA/ECDSA. Instead, alternative methods for proof of possession such as CRMF/CMP protocols must be used. This is for example how EJBCA implements ML-KEM certificate issuance in its latest version 9.1.0 (cf. https://docs.keyfactor.com/ejbca/latest/ejbca-9-1-release-notes).
OpenSSL does provide a cmp command for the CMP protocol, but I don't know its level of compatibility with the latest RFC4210 (https://www.ietf.org/archive/id/draft-ietf-lamps-rfc4210bis-12.html#name-key-encapsulation-mechanism).
Of course, you will still need a CA to request a certificate from, but I don't know any apart from EJBCA. That being said, it should be possible to implement a demo CA programmatically to issue ML-KEM certificates without the complexity of proof of possession, and I'm sure someone has already done this although I cannot find it online.
--
Mounir IDRASSI
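
The demo CA flow mentioned in the reply above, sketched as an added example that is not part of the original message or of the OpenSSL project's documentation: the CA places the ML-KEM-1024 public key into a certificate directly, with no CSR and no proof of possession, and signs it with pure ML-DSA-87 (no pre-hash). It assumes OpenSSL 3.5 or later; the function name, file names, subject names and serial number are placeholders, and the keys are generated fresh as stand-ins for the existing key pairs.

```shell
#!/bin/sh
# Added example (assumptions: OpenSSL >= 3.5; all names below are placeholders).

# issue_demo_certs DIR
# Returns 0 on success, 2 if this openssl build cannot create ML-DSA/ML-KEM
# keys, 1 on any other failure.
issue_demo_certs() {
    d=$1
    mkdir -p "$d" || return 1

    # Throwaway stand-ins for the two existing key pairs.
    openssl genpkey -algorithm ML-DSA-87 -out "$d/ca.key" 2>/dev/null || return 2
    openssl genpkey -algorithm ML-KEM-1024 -out "$d/kem.key" 2>/dev/null || return 2
    openssl pkey -in "$d/kem.key" -pubout -out "$d/kem.pub" || return 1

    # (a) Self-signed ML-DSA-87 certificate. Pure ML-DSA signs the data
    #     directly, so no digest option is passed.
    openssl req -x509 -new -key "$d/ca.key" -subj "/CN=Demo ML-DSA-87 CA" \
        -days 30 -addext "basicConstraints=critical,CA:TRUE" \
        -addext "keyUsage=critical,keyCertSign,cRLSign" \
        -out "$d/ca.crt" || return 1

    # (b) ML-KEM-1024 certificate. The KEM key cannot sign a CSR, so the
    #     public key is handed to the CA as-is. Nothing here proves that the
    #     requester holds the private key; that is what CRMF/CMP would add.
    printf 'keyUsage=critical,keyEncipherment\n' > "$d/kem.ext"
    openssl x509 -new -force_pubkey "$d/kem.pub" \
        -subj "/CN=Demo ML-KEM-1024 subject" \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -set_serial 0x1001 -days 30 \
        -extfile "$d/kem.ext" -out "$d/kem.crt" || return 1

    # Check that the KEM certificate chains to the ML-DSA-87 root.
    openssl verify -CAfile "$d/ca.crt" "$d/kem.crt" >/dev/null || return 1
}
```

Run it as `issue_demo_certs ./demo-ca` and inspect the result with `openssl x509 -in ./demo-ca/kem.crt -noout -text`.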