Package Details: oqsprovider 0.6.1-2

Git Clone URL: https://aur.archlinux.org/oqsprovider.git (read-only, click to copy)
Package Base: oqsprovider
Description: OpenSSL 3 provider containing post-quantum algorithms
Upstream URL: https://openquantumsafe.org/applications/tls.html#oqs-openssl-provider
Licenses: MIT
Provides: oqsprovider.so
Submitter: iyanmv
Maintainer: iyanmv
Last Packager: iyanmv
Votes: 1
Popularity: 0.000005
First Submitted: 2022-11-23 18:03 (UTC)
Last Updated: 2024-06-17 13:11 (UTC)

Pinned Comments

iyanmv commented on 2022-11-23 18:05 (UTC) (edited on 2023-05-17 11:36 (UTC) by iyanmv)

To use this provider you need to add it explicitly to /etc/ssl/openssl.cnf and activate it. Alternatively, add the -provider oqsprovider to all your openssl commands.

For example, to list all the signature algorithms use:

openssl list -signature-algorithms -provider oqsprovider

Latest Comments

iyanmv commented on 2024-06-17 13:13 (UTC)

taba: I have removed the liboqs version from the depends array so that people building with AUR helpers or without clean chroot envs don't have issues. Please, give it a try.

taba commented on 2024-06-17 05:39 (UTC)

Can't build without uninstalling previous version of liboqs.

taba commented on 2024-05-20 13:22 (UTC) (edited on 2024-05-21 18:52 (UTC) by taba)

For system-wide setup on both server and client, follow the printed instructions or https://github.com/open-quantum-safe/oqs-provider/blob/0ec51eca39d72867f309878f5bb9002f1c3e07fb/USAGE.md but respectively set

[tls_system_default]
Groups = x25519_kyber768:p384_kyber768:x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192

or

[system_default_sect]
Groups = x25519_kyber768:p384_kyber768:x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192

Relevant links: https://discuss.privacyguides.net/t/quantum-computing-and-harvest-now-decrypt-later-hype/18380/2, https://github.com/open-quantum-safe/oqs-provider/blob/0ec51eca39d72867f309878f5bb9002f1c3e07fb/USAGE.md, https://blog.aegrel.ee/kyber-nginx.html. I got the default Groups list from the following testing commands.

Testing:

Following should use X25519Kyber768Draft00 or whatever you set

curl https://crypto.cloudflare.com/cdn-cgi/trace
openssl s_client -trace crypto.cloudflare.com:443 </dev/null 2>&1 | grep NamedGroup

Following should use something old

openssl s_client -trace archlinux.org:443 </dev/null 2>&1 | grep NamedGroup

iyanmv commented on 2022-11-23 18:05 (UTC) (edited on 2023-05-17 11:36 (UTC) by iyanmv)

To use this provider you need to add it explicitly to /etc/ssl/openssl.cnf and activate it. Alternatively, add the -provider oqsprovider to all your openssl commands.

For example, to list all the signature algorithms use:

openssl list -signature-algorithms -provider oqsprovider