[gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Jul 4 11:19:14 CEST 2025




Daiki Ueno commented on a discussion on src/certtool-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603147005

 >            "detail": "This option can be combined with --generate-privkey, to specify\nthe key type to be generated. Valid options are, 'rsa', 'rsa-pss', 'rsa-oaep', 'dsa', 'ecdsa', 'ed25519, 'ed448', 'x25519', and 'x448'.'.\nWhen combined with certificate generation it can be used to specify an\nRSA-PSS certificate when an RSA key is given.",
 >            "argument-type": "string"
 >          },
 > +        {
 > +          "long-option": "key-format",
 > +          "description": "Specify the key format to use on key generation",
 > +          "detail": "This option can be combined with --generate-privkey, to specify\nthe key format to be generated, when the key type is ML-DSA. Valid options are, 'seed', 'expanded', and 'both'.",

It would be too complicated to implement, as in some cases (e.g., `certtool -k`) the key type is known only after decoding the key itself. I'd leave it as-is, as most of the other options that don't take effect are simply ignored.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603147005
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/a92ca03b/attachment-0001.html>


More information about the Gnutls-devel mailing list