[gnutls-devel] GnuTLS | GnuTLS doesn't support deriving the public key from the private one in ML-DSA (#1723)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Jul 11 15:07:23 CEST 2025
Alicja Kario (@mention me if you need reply) created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1723
## Description of problem:
When an operation requires the presence of both the public and the private key, and only the ML-DSA private key is present, the operation fails.
## Version of gnutls used:
gnutls-3.8.10
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL
## How reproducible:
Steps to Reproduce:
```
openssl genpkey -algorithm mldsa44 -provparam 'ml-dsa.output_formats=priv-only' -out key.pem
cat > template.cfg <<EOF
organization = Example
dns_name = localhost
challenge_password =
EOF
certtool --generate-request --load-privkey key.pem --outfile request.pem --template template.cfg
```
## Actual results:
```
Generating a PKCS #10 certificate request...
Could not determine the public key for the operation.
You must specify --load-privkey or --load-pubkey if missing.
```
## Expected results:
Certificate signing request created
## Additional information
An algorithm such as the one mentioned in https://github.com/aws/aws-lc/pull/2142 might be used to derive them.