[
https://issues.apache.org/jira/browse/CAMEL-23846?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrea Cosentino updated CAMEL-23846:
-------------------------------------
Fix Version/s: 4.22.0
> Camel-PQC: make the PQC parameter set / NIST security level configurable on
> the endpoint
> ----------------------------------------------------------------------------------------
>
> Key: CAMEL-23846
> URL: https://issues.apache.org/jira/browse/CAMEL-23846
> Project: Camel
> Issue Type: New Feature
> Components: camel-pqc
> Reporter: Andrea Cosentino
> Assignee: Andrea Cosentino
> Priority: Major
> Fix For: 4.22.0
>
>
> Today the default key material classes hardcode a single parameter set per
> algorithm — e.g. {{PQCDefaultMLDSAMaterial}} uses
> {{MLDSAParameterSpec.ml_dsa_65}}, ML-KEM defaults to {{ml_kem_512}}, Falcon
> to 512, etc. The producer's lifecycle generateKeyPair path also only calls
> the 2-arg {{KeyLifecycleManager.generateKeyPair(algorithm, keyId)}}, never
> the parameterSpec-aware overload.
> As a result, to use any security level other than the hardcoded default (e.g.
> ML-DSA-44 / ML-DSA-87, ML-KEM-768 / ML-KEM-1024, the various SLH-DSA and
> Falcon variants) users must register their own KeyPair/Signature/KeyGenerator
> beans in the registry. There is no declarative endpoint option.
> h3. Proposal
> * Add an endpoint option to select the NIST parameter set / security level
> (e.g. {{parameterSpec}} or {{securityLevel}}) for signature and KEM
> algorithms.
> * Wire it through the default material factories and the lifecycle
> generateKeyPair operation (use the parameterSpec-aware overload).
> * Document the supported values per algorithm.
> Affected: {{components/camel-pqc}} PQCConfiguration, default material
> classes, PQCProducer lifecycle generateKeyPair.
> ----
> _Filed by Claude Code on behalf of Andrea Cosentino._
--
This message was sent by Atlassian Jira
(v8.20.10#820010)