Kyber: DefaultSignatureAlgorithmIdentifierFinder class missing Kyber Object Identifiers

[RaghuReddy]

I am experimenting Kyber key encryption in my project and have generated a Kyber key pair using Bouncy Castle provider and tried to store the private key in Keystore, but it expects a certificate chain associated with the private key, and that needs a signature algorithm.

https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html#setKeyEntry-java.lang.String-java.security.Key-char:A-java.security.cert.Certificate:A-

DefaultSignatureAlgorithmIdentifierFinder class missing Kyber Object Identifiers

https://github.com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java

[Honzaik]

Kyber is not a signature algorithm but a key encapsulation mechanism https://en.wikipedia.org/wiki/Key_encapsulation_mechanism. It can be used to build a public key encryption scheme but it does not have the same properties as RSA which "is" a public key encryption scheme and also a signature scheme (which is where your confusion might come from).

You can create a public key certificate containing a Kyber public key but the certificate will need to be signed by some other algorithm such as Dilithium (a post-quantum signature) or even RSA, if you don't need post-quantum authentication.

[RaghuReddy]

Kyber is not a signature algorithm but a key encapsulation mechanism https://en.wikipedia.org/wiki/Key_encapsulation_mechanism. It can be used to build a public key encryption scheme but it does not have the same properties as RSA which "is" a public key encryption scheme and also a signature scheme (which is where your confusion might come from).

You can create a public key certificate containing a Kyber public key but the certificate will need to be signed by some other algorithm such as Dilithium (a post-quantum signature) or even RSA, if you don't need post-quantum authentication.

@Honzaik Thank you for the prompt reply and clarification, that addressed my query.