Now that there are official OIDs from NIST, initial support for the three new PQC algorithms can be added.
Initially, signature verification will not be supported as there are no easy-to-install open-source libraries available with the FIPS/final versions of these algorithms yet.
For now, we can at least recognize the OIDs and attempt to deserialize the key (and maybe signature) to detect encoding errors.
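A minimal sketch of the check described above (recognize the NIST OIDs, then deserialize the key to catch encoding errors), added here as an illustration and not the project's own code. It covers only ML-DSA and ML-KEM public keys; the function names and the zero-filled sample keys are constructed for the example, and the requirement that AlgorithmIdentifier parameters be absent is assumed from the IETF LAMPS certificate profiles for these algorithms.

```python
NIST_ALGS = bytes.fromhex("60864801650304")  # DER body of OID 2.16.840.1.101.3.4
PQC_KEYS = {  # last two OID arcs -> (name, public key bytes per FIPS 204 / 203)
    b"\x03\x11": ("ML-DSA-44", 1312), b"\x04\x01": ("ML-KEM-512", 800),
    b"\x03\x12": ("ML-DSA-65", 1952), b"\x04\x02": ("ML-KEM-768", 1184),
    b"\x03\x13": ("ML-DSA-87", 2592), b"\x04\x03": ("ML-KEM-1024", 1568),
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def check_spki(der):
    """Return a list of findings; an empty list means no structural errors."""
    try:
        tag, spki, end = read_tlv(der, 0)               # SubjectPublicKeyInfo
        atag, alg, pos = read_tlv(spki, 0)              # AlgorithmIdentifier
        otag, oid_body, after_oid = read_tlv(alg, 0)    # algorithm OID
        btag, bits, end_bits = read_tlv(spki, pos)      # subjectPublicKey
    except (ValueError, IndexError):
        return ["DER decoding error"]
    if (tag, atag, otag, btag) != (0x30, 0x30, 0x06, 0x03) or end != len(der):
        return ["not a well-formed SubjectPublicKeyInfo"]
    if not oid_body.startswith(NIST_ALGS) or oid_body[7:] not in PQC_KEYS:
        return [f"unrecognized algorithm OID (DER body {oid_body.hex()})"]
    name, size = PQC_KEYS[oid_body[7:]]
    findings = []
    if after_oid != len(alg):
        findings.append(f"{name}: AlgorithmIdentifier parameters must be absent")
    if end_bits != len(spki) or not bits or bits[0] != 0:
        findings.append(f"{name}: malformed BIT STRING")
    elif len(bits) - 1 != size:
        findings.append(f"{name}: key is {len(bits) - 1} bytes, expected {size}")
    return findings

def tlv(tag, body):  # minimal DER encoder, used only to build the samples
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big") or b"\x00"
    head = size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def sample_spki(arcs, key_len, params=b""):  # constructed SPKI, all-zero key
    alg = tlv(0x30, tlv(0x06, NIST_ALGS + arcs) + params)
    return tlv(0x30, alg + tlv(0x03, b"\x00" + bytes(key_len)))
```

A key that passes these checks is only structurally valid; nothing here verifies a signature or that the key bytes are a usable public key.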
CBonnell changed the title from "Add initial support for ML-DSA, SLH-DSA, and ML-KEM key and signatures" to "Add initial support for ML-DSA, SLH-DSA, and ML-KEM keys and signatures" on Nov 15, 2024
Check for use of pre-hash variants of ML-DSA and SLH-DSA in CA certificates
Detection of historical/obsoleted versions of ML-DSA, SLH-DSA, and ML-KEM
Signature validation has not been added yet, as there are no open-source Python libraries to support this. As such, self-issued (generally root) certificates that do not contain an AKI extension but use ML-DSA or SLH-DSA will encounter a NOTICE-level finding, as it cannot be determined whether the certificate is self-signed. Once such a library is made available, support for signature validation will be added.