Interoperablity issue. - Unable to load Dilithium2 Public key in OpenSSL with OQSP Provider created by thirdparty CA about oqs-provider HOT 4 CLOSED

Thanks for this report. Unfortunately, oqsprovider does not modify any key representation but simply "shuffles around" (the openssl provider APIs) completely opaque binary blobs/what's provided by liboqs (APIs). And that in turn takes its code from the pqcrystals repository. So tagging @bhess as the contact person to that code base for comment as to whether it's permissible to retain an unused parameter as NULL or whether it indeed has to be left away. What might be helpful is a reference to the specifications (pertaining to Dilithium and its key representation format) that you have been using when implementing your CA code, @stauro79 such as to compare the relevant parts.

from oqs-provider.

It could be due to this line in oqsprovider which requires the algorithm parameters to be absent:

@stauro79, if you are following draft-ietf-lamps-dilithium-certificates, the parameters are defined as ABSENT.

from oqs-provider.

It could be due to this line in oqsprovider which requires the algorithm parameters to be absent:

Thanks very much for the analysis, @danvangeest . This is code "grand-fathered" in to oqs-prrovider from the old openssl111 6 years ago from here.

@stauro79, if you are following draft-ietf-lamps-dilithium-certificates, the parameters are defined as ABSENT.

The first version of the spec above has been done 4 years after this code, but indeed AFAIK this code and any specs pertaining to it ever were in contradiction.

Hence, I'll close this issue in a few days unless @stauro79 provides another spec pointer documenting a different understanding.

from oqs-provider.

Closing as per above

from oqs-provider.