[gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Jul 4 11:19:14 CEST 2025
Daiki Ueno commented on a discussion on src/certtool-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603147005
> "detail": "This option can be combined with --generate-privkey, to specify\nthe key type to be generated. Valid options are, 'rsa', 'rsa-pss', 'rsa-oaep', 'dsa', 'ecdsa', 'ed25519, 'ed448', 'x25519', and 'x448'.'.\nWhen combined with certificate generation it can be used to specify an\nRSA-PSS certificate when an RSA key is given.",
> "argument-type": "string"
> },
> + {
> + "long-option": "key-format",
> + "description": "Specify the key format to use on key generation",
> + "detail": "This option can be combined with --generate-privkey, to specify\nthe key format to be generated, when the key type is ML-DSA. Valid options are, 'seed', 'expanded', and 'both'.",
It would be too complicated to implement, as in some cases (e.g., `certtool -k`) the key type is known only after decoding the key itself. I'd leave it as-is, as most of the other options that don't take effect are simply ignored.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603147005
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/a92ca03b/attachment-0001.html>
More information about the Gnutls-devel
mailing list