Add support for ML-DSA-65 signatures. #1305
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
PKCS8 and X509 are not yet supported, because that is not yet standardized, see https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-07 It is better to not support this until it is standardized, so that we don't have to make a breaking change if the format still changes. Therefore, keys also can't yet be serialized. Raw serialization and deserialization is supported. For private keys, the seed is used as raw format. The expanded private key is not supported. BoringSSL doesn't provided a public API to serialise the expanded private key.
prbprbprb
approved these changes
Feb 24, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PKCS8 and X509 key serialization are not yet supported, because that is not yet standardised.
See:
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-07
It is better to not support this until it is standardised, so that we don't have
to make a breaking change if the format still changes.
Raw serialisation and deserialisation is supported. For private keys, the seed
is used as raw format. The expanded private key is not supported. BoringSSL
doesn't provided a public API to serialise the expanded private key.