Hi John, We are working on adding supports for ML-DSA [1] in OpenJDK. Hopefully they can be added next year. We will then be able to sign and verify a JAR file using ML-DSA.
Also, we added HSS/LMS support back in JDK 21. While OpenJDK’s builtin implementation only includes the verification part, at least can you can use it to verify. BTW, I’ve copied this to the security-dev mailing list, which is where we discuss development of security libraries and tools. Thanks, Weijun [1] https://openjdk.org/jeps/8339010 On Nov 6, 2024, at 12:13, Dallman, John <john.dall...@siemens.com> wrote: Hi, folks, Now that NIST has issued its first standards for post-quantum cryptography, can I ask about plans for supporting it in OpenJDK? The endpoint I'm looking for is the ability to sign JAR files with a standardised PQC signature algorithm and be able to validate those signatures at run-time. Is there a plan yet for which version of OpenJDK will be able to do that? -- John Dallman Siemens Industry Software Limited DI SW PLM PE OT PC PDE Kett House, Station Road, Cambridge CB1 2JH, United Kingdom Phone: +44 (1223) 371554 mailto:john.dall...@siemens.com www.sw.siemens.com Siemens Industry Software Limited registered office: Pinehurst 2, Pinehurst Road, Farnborough, Hampshire, GU14 7BF, United Kingdom. Registered in England and Wales No. 03476850.
