Is it possible to generate PQC sig private key without public key in the output? #440
Replies: 2 comments 4 replies
-
|
We follow the key format specified in the NIST submissions, not the key format given in the uni-qsckeys draft. So no, we do not have such an option. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you. |
Beta Was this translation helpful? Give feedback.
-
|
The contents of the oqs-openssl private key should be the same as needed for liboqs, but they might be wrapped in a PEM or DER encoding depending on the command used to output the key, in which case you would need to extract the unencoded binary key. |
Beta Was this translation helpful? Give feedback.
-
|
I tried ASN.1 decoding and then stripping the public part, the extracted raw private key works for liboqs, thank you! |
Beta Was this translation helpful? Give feedback.
-
You may want to try the above using OpenSSL3&oqsprovider: This is more current code that also optionally supports the unikey Draft. See How to activate here: https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md#key-encodings |
Beta Was this translation helpful? Give feedback.
-
|
Thank you!, I will look into the oqs-provider for OpenSSL3. |
Beta Was this translation helpful? Give feedback.
-
Hi there,
I'm using below command to generate key/cert for testing
/work/oqs-openssl/apps/openssl req -newkey dilithium2 -nodes -keyout ca.key -x509 -days 3650 -subj "/CN=my test ca" -config /work/oqs-openssl/apps/openssl.cnf -out ca.certhowever the it looks the public key data is attached to the private key output
ca.key.according to https://datatracker.ietf.org/doc/html/draft-uni-qsckeys-00.html#section-7.3 the public key data is optional, so I wondering if there is any commandline option to skip the public key data part in the private key output?
thank you very much!
Beta Was this translation helpful? Give feedback.
All reactions