Andrea Cosentino created CAMEL-23846:
----------------------------------------

             Summary: Camel-PQC: make the PQC parameter set / NIST security level configurable on the endpoint
                 Key: CAMEL-23846
                 URL: https://issues.apache.org/jira/browse/CAMEL-23846
             Project: Camel
          Issue Type: New Feature
          Components: camel-pqc
            Reporter: Andrea Cosentino
            Assignee: Andrea Cosentino


Today the default key material classes hardcode a single parameter set per 
algorithm — e.g. {{PQCDefaultMLDSAMaterial}} uses 
{{MLDSAParameterSpec.ml_dsa_65}}, ML-KEM defaults to {{ml_kem_512}}, Falcon to 
512, etc. The producer's lifecycle generateKeyPair path also only calls the 
2-arg {{KeyLifecycleManager.generateKeyPair(algorithm, keyId)}}, never the 
parameterSpec-aware overload.

As a result, to use any security level other than the hardcoded default (e.g. 
ML-DSA-44 / ML-DSA-87, ML-KEM-768 / ML-KEM-1024, the various SLH-DSA and Falcon 
variants) users must register their own KeyPair/Signature/KeyGenerator beans in 
the registry. There is no declarative endpoint option.

h3. Proposal
* Add an endpoint option to select the NIST parameter set / security level 
(e.g. {{parameterSpec}} or {{securityLevel}}) for signature and KEM algorithms.
* Wire it through the default material factories and the lifecycle 
generateKeyPair operation (use the parameterSpec-aware overload).
* Document the supported values per algorithm.

Affected: {{components/camel-pqc}} PQCConfiguration, default material classes, 
PQCProducer lifecycle generateKeyPair.

----
_Filed by Claude Code on behalf of Andrea Cosentino._
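
The following is an added example, not code from the issue or from camel-pqc: it builds ML-DSA key pairs for each parameter set named above through the JCA, which is the key material a user currently has to construct by hand to get a non-default level. It assumes Bouncy Castle 1.79 or later on the classpath; the class name {{MlDsaParameterSets}} is hypothetical, and binding the resulting KeyPair into the Camel registry is not shown.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.util.LinkedHashMap;
import java.util.Map;

import org.bouncycastle.jcajce.spec.MLDSAParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Hypothetical class name; not part of camel-pqc.
public class MlDsaParameterSets {

    // Generate a key pair for an explicitly chosen parameter set.
    static KeyPair generate(MLDSAParameterSpec spec) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("ML-DSA", "BC");
        kpg.initialize(spec, new SecureRandom());
        return kpg.generateKeyPair();
    }

    static byte[] sign(KeyPair kp, byte[] msg) throws Exception {
        Signature s = Signature.getInstance("ML-DSA", "BC");
        s.initSign(kp.getPrivate());
        s.update(msg);
        return s.sign();
    }

    static boolean verify(KeyPair kp, byte[] msg, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("ML-DSA", "BC");
        s.initVerify(kp.getPublic());
        s.update(msg);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Map<String, MLDSAParameterSpec> sets = new LinkedHashMap<>();
        sets.put("ML-DSA-44", MLDSAParameterSpec.ml_dsa_44);
        sets.put("ML-DSA-65", MLDSAParameterSpec.ml_dsa_65); // the default named in this issue
        sets.put("ML-DSA-87", MLDSAParameterSpec.ml_dsa_87);
        for (Map.Entry<String, MLDSAParameterSpec> e : sets.entrySet()) {
            KeyPair kp = generate(e.getValue());
            byte[] sig = sign(kp, msg);
            System.out.printf("%s: encoded public key %d bytes, signature %d bytes, verifies=%b%n",
                    e.getKey(), kp.getPublic().getEncoded().length, sig.length, verify(kp, msg, sig));
        }
    }
}
```

Running it shows how key and signature sizes grow with the parameter set, which is the cost side of choosing a higher security level per endpoint.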


