Andrea Cosentino created CAMEL-23846:
----------------------------------------
Summary: Camel-PQC: make the PQC parameter set / NIST security level configurable on the endpoint
Key: CAMEL-23846
URL: https://issues.apache.org/jira/browse/CAMEL-23846
Project: Camel
Issue Type: New Feature
Components: camel-pqc
Reporter: Andrea Cosentino
Assignee: Andrea Cosentino

Today the default key material classes hardcode a single parameter set per
algorithm — e.g. {{PQCDefaultMLDSAMaterial}} uses
{{MLDSAParameterSpec.ml_dsa_65}}, ML-KEM defaults to {{ml_kem_512}}, Falcon to
512, etc. The producer's lifecycle generateKeyPair path also only calls the
2-arg {{KeyLifecycleManager.generateKeyPair(algorithm, keyId)}}, never the
parameterSpec-aware overload.

As a result, to use any security level other than the hardcoded default (e.g.
ML-DSA-44 / ML-DSA-87, ML-KEM-768 / ML-KEM-1024, the various SLH-DSA and Falcon
variants) users must register their own KeyPair/Signature/KeyGenerator beans in
the registry. There is no declarative endpoint option.

h3. Proposal

* Add an endpoint option to select the NIST parameter set / security level
(e.g. {{parameterSpec}} or {{securityLevel}}) for signature and KEM algorithms.
* Wire it through the default material factories and the lifecycle
generateKeyPair operation (use the parameterSpec-aware overload).
* Document the supported values per algorithm.

Affected: {{components/camel-pqc}} PQCConfiguration, default material classes,
PQCProducer lifecycle generateKeyPair.
----
_Filed by Claude Code on behalf of Andrea Cosentino._
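
The workaround the description refers to, sketched as an added example (not code from the issue or from camel-pqc): generate a key pair for a non-default parameter set directly with BouncyCastle, resolving the requested level through an allow-list so that an unknown value fails closed instead of falling back to a default. It assumes BouncyCastle 1.79 or later on the classpath (JCA names "ML-DSA" and "ML-KEM"); the option strings and the class and method names are hypothetical, and registering the resulting KeyPair in the Camel registry is not shown.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Map;

import org.bouncycastle.jcajce.spec.MLDSAParameterSpec;
import org.bouncycastle.jcajce.spec.MLKEMParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class PqcParameterSetExample {

    // Hypothetical option values mapped to BouncyCastle parameter specs.
    static final Map<String, AlgorithmParameterSpec> ML_DSA = Map.of(
            "ML-DSA-44", MLDSAParameterSpec.ml_dsa_44,
            "ML-DSA-65", MLDSAParameterSpec.ml_dsa_65,
            "ML-DSA-87", MLDSAParameterSpec.ml_dsa_87);

    static final Map<String, AlgorithmParameterSpec> ML_KEM = Map.of(
            "ML-KEM-512", MLKEMParameterSpec.ml_kem_512,
            "ML-KEM-768", MLKEMParameterSpec.ml_kem_768,
            "ML-KEM-1024", MLKEMParameterSpec.ml_kem_1024);

    static KeyPair generate(String jcaAlgorithm, Map<String, AlgorithmParameterSpec> allowed,
                            String parameterSet) throws GeneralSecurityException {
        AlgorithmParameterSpec spec = allowed.get(parameterSet);
        if (spec == null) {
            // Fail closed: a typo must not silently select a weaker level.
            throw new IllegalArgumentException(
                    "Unsupported parameter set '" + parameterSet + "', expected one of " + allowed.keySet());
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(jcaAlgorithm, "BC");
        kpg.initialize(spec, new SecureRandom());
        return kpg.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPair signing = generate("ML-DSA", ML_DSA, "ML-DSA-87");
        KeyPair kem = generate("ML-KEM", ML_KEM, "ML-KEM-768");
        System.out.println("ML-DSA-87 public key bytes: " + signing.getPublic().getEncoded().length);
        System.out.println("ML-KEM-768 public key bytes: " + kem.getPublic().getEncoded().length);
    }
}
```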