You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am integrating the functionalities of liboqs on two virtual machines, where one acts as a server and the other as a client, communicating via the TLS protocol. On both machines, I have implemented key and certificate management using liboqs. The server is developed in C, and the client in Go. For the client implementation, PQCrypto has been used to implement TLS.
The issue I am encountering is the version incompatibility in the client-server communication. I have verified this in two ways:
1. First client implementation:
I developed a client in Go that reads the certificate, private key, and CA certificate generated using the openssl command. These have the following structure:
Subject Public Key Info:
Public Key Algorithm: falcon1024
falcon1024 public key:
PQ key material:
go run tls_PQC.go
2024/12/11 12:22:44 CA certificate read properly
2024/12/11 12:22:44 Client certificate read properly
2024/12/11 12:22:44 Client key read properly
2024/12/11 12:22:44 Failed to parse key pair: x509: wrong public key
However, the functionalities tls.X509KeyPair(clientCert, clientKey) provided by PQCrypto and fed by liboqs-go do not correctly decode these keys: Failed to parse key pair: x509: wrong public key
2. Second client implementation:
From the CA certificate, I generated the client's private and public keys, and the client's certificate, which has the following form:
Subject Public Key Info:
Public Key Algorithm: 1.5.0.1
Unable to load Public Key
80CBB788287F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:crypto/x509/x_pubkey.c:464:
80CBB788287F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:crypto/x509/x_pubkey.c:464:
Server Response (Implemented with liboqs and oqs-provider): TLS accept failed SSL_ERROR_SSL: (no suitable signature algorithm).
As can be seen, the Go project creates and works with algorithms defined by a numeric code, and my version of liboqs and oqsprovider does not support this. In the case of the first client implementation, the opposite occurs: the keys and certificates have been generated with algorithms like "falcon1024" and the Go project expects the numeric code.
I am unsure if this incompatibility is due to liboqs-go or PQCrypto, but I would like to document this issue in case anyone has any ideas or if the developers of PQCcrypto can provide a solution.
Thank you.
The text was updated successfully, but these errors were encountered:
I am integrating the functionalities of liboqs on two virtual machines, where one acts as a server and the other as a client, communicating via the TLS protocol. On both machines, I have implemented key and certificate management using liboqs. The server is developed in C, and the client in Go. For the client implementation, PQCrypto has been used to implement TLS.
The issue I am encountering is the version incompatibility in the client-server communication. I have verified this in two ways:
1. First client implementation:
However, the functionalities
tls.X509KeyPair(clientCert, clientKey)
provided by PQCrypto and fed by liboqs-go do not correctly decode these keys:Failed to parse key pair: x509: wrong public key
2. Second client implementation:
Server Response (Implemented with liboqs and oqs-provider):
TLS accept failed SSL_ERROR_SSL: (no suitable signature algorithm).
As can be seen, the Go project creates and works with algorithms defined by a numeric code, and my version of liboqs and oqsprovider does not support this. In the case of the first client implementation, the opposite occurs: the keys and certificates have been generated with algorithms like "falcon1024" and the Go project expects the numeric code.
I am unsure if this incompatibility is due to liboqs-go or PQCrypto, but I would like to document this issue in case anyone has any ideas or if the developers of PQCcrypto can provide a solution.
Thank you.
The text was updated successfully, but these errors were encountered: