[API Proposal]: SLH-DSA

[PranavSenthilnathan]

Based on the initial API outlined in #113506.

The PKCS#8 and SPKI APIs for SLH-DSA were approved in #114453 for ML-KEM. They are repeated here just for completeness.

API Proposal

namespace System.Security.Cryptogrpahy
{
    // System.Security.Cryptography and Microsoft.Bcl.Cryptography
    [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
    public abstract class SlhDsa : IDisposable
    {
        public static bool IsSupported { get; }

        protected SlhDsa(SlhDsaAlgorithm algorithm);

        public SlhDsaAlgorithm Algorithm { get; }

        // Sign/Verify
        public byte[] SignData(byte[] data, byte[]? context = null);
        public void SignData(ReadOnlySpan<byte> data, Span<byte> destination, ReadOnlySpan<byte> context = default);
        protected abstract void SignDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, Span<byte> destination);
        
        public bool VerifyData(byte[] data, byte[] signature, byte[]? context = null);
        public bool VerifyData(ReadOnlySpan<byte> data, ReadOnlySpan<byte> signature, ReadOnlySpan<byte> context = default);
        protected abstract bool VerifyDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, ReadOnlySpan<byte> signature);

        public byte[] SignPreHash(byte[] hash, string hashAlgorithmOid, byte[]? context = null);
        public void SignPreHash(ReadOnlySpan<byte> hash, Span<byte> destination, string hashAlgorithmOid, ReadOnlySpan<byte> context = default);
        protected abstract void SignPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination);

        public bool VerifyPreHash(byte[] hash, byte[] signature, string hashAlgorithmOid, byte[]? context = null);
        public bool VerifyPreHash(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> signature, string hashAlgorithmOid, ReadOnlySpan<byte> context = default);
        protected abstract bool VerifyPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature);

        // Create/Import/Export
        public static SlhDsa GenerateKey(SlhDsaAlgorithm algorithm);

        public static SlhDsa ImportSlhDsaPublicKey(SlhDsaAlgorithm algorithm, byte[] source);
        public static SlhDsa ImportSlhDsaPublicKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source);

        public static SlhDsa ImportSlhDsaSecretKey(SlhDsaAlgorithm algorithm, byte[] source);
        public static SlhDsa ImportSlhDsaSecretKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source);

        public byte[] ExportSlhDsaPublicKey();
        public void ExportSlhDsaPublicKey(Span<byte> destination);
        protected abstract void ExportSlhDsaPublicKeyCore(Span<byte> destination);

        public byte[] ExportSlhDsaSecretKey();
        public void ExportSlhDsaSecretKey(Span<byte> destination);
        protected abstract void ExportSlhDsaSecretKeyCore(Span<byte> destination);
        
        // SPKI / PKCS#8
        public static SlhDsa ImportSubjectPublicKeyInfo(byte[] source);
        public static SlhDsa ImportSubjectPublicKeyInfo(ReadOnlySpan<byte> source);

        public static SlhDsa ImportPkcs8PrivateKey(byte[] source);
        public static SlhDsa ImportPkcs8PrivateKey(ReadOnlySpan<byte> source);

        public static SlhDsa ImportFromPem(ReadOnlySpan<char> source);
        public static SlhDsa ImportFromPem(string source);

        public static SlhDsa ImportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte> passwordBytes, ReadOnlySpan<byte> source);
        public static SlhDsa ImportEncryptedPkcs8PrivateKey(ReadOnlySpan<char> password, ReadOnlySpan<byte> source);
        public static SlhDsa ImportEncryptedPkcs8PrivateKey(string password, byte[] source);

        public static SlhDsa ImportFromEncryptedPem(ReadOnlySpan<char> source, ReadOnlySpan<byte> passwordBytes);
        public static SlhDsa ImportFromEncryptedPem(ReadOnlySpan<char> source, ReadOnlySpan<char> password);
        public static SlhDsa ImportFromEncryptedPem(string source, byte[] passwordBytes);
        public static SlhDsa ImportFromEncryptedPem(string source, string password);

        public byte[] ExportSubjectPublicKeyInfo();
        public bool TryExportSubjectPublicKeyInfo(Span<byte> destination, out int bytesWritten);
        public string ExportSubjectPublicKeyInfoPem();

        public byte[] ExportPkcs8PrivateKey();
        public bool TryExportPkcs8PrivateKey(Span<byte> destination, out int bytesWritten);
        protected virtual bool TryExportPkcs8PrivateKeyCore(Span<byte> destination, out int bytesWritten);
        public string ExportPkcs8PrivateKeyPem();

        public byte[] ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte> passwordBytes, PbeParameters pbeParameters);
        public byte[] ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<char> password, PbeParameters pbeParameters);
        public byte[] ExportEncryptedPkcs8PrivateKey(string password, PbeParameters pbeParameters);
        public bool TryExportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte> passwordBytes, PbeParameters pbeParameters, Span<byte> destination, out int bytesWritten);
        public bool TryExportEncryptedPkcs8PrivateKey(ReadOnlySpan<char> password, PbeParameters pbeParameters, Span<byte> destination, out int bytesWritten);
        public bool TryExportEncryptedPkcs8PrivateKey(string password, PbeParameters pbeParameters, Span<byte> destination, out int bytesWritten);

        public string ExportEncryptedPkcs8PrivateKeyPem(ReadOnlySpan<byte> passwordBytes, PbeParameters pbeParameters);
        public string ExportEncryptedPkcs8PrivateKeyPem(ReadOnlySpan<char> password, PbeParameters pbeParameters);
        public string ExportEncryptedPkcs8PrivateKeyPem(string password, PbeParameters pbeParameters);

        public void Dispose();
        protected virtual void Dispose(bool disposing);
    }

    // System.Security.Cryptography and Microsoft.Bcl.Cryptography
    [DebuggerDisplay("{Name,nq}")]
    [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
    public sealed class SlhDsaAlgorithm : IEquatable<SlhDsaAlgorithm>
    {
        internal SlhDsaAlgorithm();

        public string Name { get; }
        public int PublicKeySizeInBytes { get; }
        public int SecretKeySizeInBytes { get; }
        public int SignatureSizeInBytes { get; }

        public static SlhDsaAlgorithm SlhDsaSha2_128f { get; }
        public static SlhDsaAlgorithm SlhDsaSha2_128s { get; }
        public static SlhDsaAlgorithm SlhDsaSha2_192f { get; }
        public static SlhDsaAlgorithm SlhDsaSha2_192s { get; }
        public static SlhDsaAlgorithm SlhDsaSha2_256f { get; }
        public static SlhDsaAlgorithm SlhDsaSha2_256s { get; }
        public static SlhDsaAlgorithm SlhDsaShake128f { get; }
        public static SlhDsaAlgorithm SlhDsaShake128s { get; }
        public static SlhDsaAlgorithm SlhDsaShake192f { get; }
        public static SlhDsaAlgorithm SlhDsaShake192s { get; }
        public static SlhDsaAlgorithm SlhDsaShake256f { get; }
        public static SlhDsaAlgorithm SlhDsaShake256s { get; }

        public bool Equals(SlhDsaAlgorithm? other);

        public static bool operator ==(SlhDsaAlgorithm? left, SlhDsaAlgorithm? right);
        public static bool operator !=(SlhDsaAlgorithm? left, SlhDsaAlgorithm? right);
    }

    // System.Security.Cryptography only
    [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
    public sealed class SlhDsaOpenSsl : SlhDsa
    {
        [UnsupportedOSPlatformAttribute("android")]
        [UnsupportedOSPlatformAttribute("browser")]
        [UnsupportedOSPlatformAttribute("ios")]
        [UnsupportedOSPlatformAttribute("osx")]
        [UnsupportedOSPlatformAttribute("tvos")]
        [UnsupportedOSPlatformAttribute("windows")]
        public SlhDsaOpenSsl(SafeEvpPKeyHandle pkeyHandle);

        public SafeEvpPKeyHandle DuplicateKeyHandle();
    }
}

namespace System.Security.Cryptography.X509Certificates
{
    // System.Security.Cryptography only
    public sealed partial class CertificateRequest
    {
        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public CertificateRequest(X500DistinguishedName subjectName, SlhDsa key);

        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public CertificateRequest(string subjectName, SlhDsa key);
    }
    
    // System.Security.Cryptography only
    public sealed partial class PublicKey
    {
        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public PublicKey(SlhDsa key);

        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        [UnsupportedOSPlatformAttribute("browser")]
        public SlhDsa? GetSlhDsaPublicKey();
    }

    // System.Security.Cryptography only
    public partial class X509Certificate2
    {
        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public X509Certificate2 CopyWithPrivateKey(SlhDsa privateKey);

        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public SlhDsa? GetSlhDsaPrivateKey();

        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public SlhDsa? GetSlhDsaPublicKey();
    }

    // System.Security.Cryptography only
    public abstract partial class X509SignatureGenerator
    {
        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public static X509SignatureGenerator CreateForSlhDsa(SlhDsa key);
    }

    // Microsoft.Bcl.Cryptography only
    public static partial class X509CertificateKeyAccessors
    {
        [Experimental("SYSLIB5006", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
        public static SlhDsa? GetSlhDsaPublicKey(this X509Certificate2 certificate);

        [Experimental("SYSLIB5006", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
        public static SlhDsa? GetSlhDsaPrivateKey(this X509Certificate2 certificate);

        [Experimental("SYSLIB5006", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
        public static X509Certificate2 CopyWithPrivateKey(this X509Certificate2 certificate, SlhDsa privateKey)
    }
}

#if NET
namespace System.Security.Cryptography.Pkcs
{
    public sealed partial class CmsSigner
    {
        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public CmsSigner(SubjectIdentifierType signerIdentifierType, X509Certificate2? certificate, SlhDsa? privateKey);

        public bool HasPrivateKey { get; }
    }
}
#endif

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

[vcsjones]

• SlhDsaAlgorithm should be IEquatable.

[bartonjs]

• I think we want to just hold back the Cng things for a followup. But:
  • Do we have enough at the CNG level for someone to be able to make an SLH-DSA key "nicely" using CngKey.Create? I'd expect the parameter set to go somewhere... a CngProperty property name that should be exposed, maybe?
  • While SlhDsaOpenSsl is S.S.Cryptography only, the Cng one might need to go into M.Bcl.Crypto. Sure, the other Cng changes can't go with it, but they're all just strings.
• The // Existing class comments can mainly be removed... that should just be conveyed by the proposal using the partial class modifier. (The comment about which library/package are useful, though)
• X509CertificateKeyAccessors exists at this point, so it's not a new class, and "needs" partial.

[PranavSenthilnathan]

• Do we have enough at the CNG level for someone to be able to make an SLH-DSA key "nicely" using CngKey.Create? I'd expect the parameter set to go somewhere... a CngProperty property name that should be exposed, maybe?

Depends on what you mean by nicely 😄 Besides the marshalling, it's pretty easy:

https://github.com/PranavSenthilnathan/runtime/blob/45704b4fb08575542fec4c6f9817872c03a8f0c8/src/libraries/System.Security.Cryptography/tests/MLDsaCngTests.Windows.cs#L16-L30

• While SlhDsaOpenSsl is S.S.Cryptography only, the Cng one might need to go into M.Bcl.Crypto. Sure, the other Cng changes can't go with it, but they're all just strings.

As far as I can tell the other DSAs don't have the Cng implementations in Microsoft.Bcl.Crypto.. do we want to expose this? If we need it for cert stuff, we could just make it internal unless we want to let users interact with it directly.

[bartonjs]

As far as I can tell the other DSAs don't have the Cng implementations in Microsoft.Bcl.Crypto...

ECDsa and DSA (and RSA) already exist in Framework, so they don't need to be in M.B.C. MLDsa hasn't made it far enough to make the MLDsaCng type; so SLH-DSA is blazing the trail here.

If we need it for cert stuff...

There's just a whole passel of stuff where people may want/need to interact with CNG and the keys; which means both that we need to make a SlhDsa (et al) from a CngKey, and that after importing a certificate from a PKCS12/PFX someone might want to grab the resulting CngKey and do stuff to it (if I recall correctly, the export policy is malleable from the time of import until the time of first use, so some people use that fact to tweak things).

It's really about making sure that there's a complete story for .NET Framework (Windows-only).

[PranavSenthilnathan]

Removed the Cng stuff for now. SLH-DSA doesn't have an implementation in Windows yet, so we can get the ML-DSA CNG API approved first.

[bartonjs]

Video

• We removed CmsSigner.HasPrivateKey because it was a) slightly confusing, and b) didn't have a strong use case.

namespace System.Security.Cryptogrpahy
{
    // System.Security.Cryptography and Microsoft.Bcl.Cryptography
    [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
    public abstract class SlhDsa : IDisposable
    {
        public static bool IsSupported { get; }

        protected SlhDsa(SlhDsaAlgorithm algorithm);

        public SlhDsaAlgorithm Algorithm { get; }

        // Sign/Verify
        public byte[] SignData(byte[] data, byte[]? context = null);
        public void SignData(ReadOnlySpan<byte> data, Span<byte> destination, ReadOnlySpan<byte> context = default);
        protected abstract void SignDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, Span<byte> destination);
        
        public bool VerifyData(byte[] data, byte[] signature, byte[]? context = null);
        public bool VerifyData(ReadOnlySpan<byte> data, ReadOnlySpan<byte> signature, ReadOnlySpan<byte> context = default);
        protected abstract bool VerifyDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, ReadOnlySpan<byte> signature);

        public byte[] SignPreHash(byte[] hash, string hashAlgorithmOid, byte[]? context = null);
        public void SignPreHash(ReadOnlySpan<byte> hash, Span<byte> destination, string hashAlgorithmOid, ReadOnlySpan<byte> context = default);
        protected abstract void SignPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination);

        public bool VerifyPreHash(byte[] hash, byte[] signature, string hashAlgorithmOid, byte[]? context = null);
        public bool VerifyPreHash(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> signature, string hashAlgorithmOid, ReadOnlySpan<byte> context = default);
        protected abstract bool VerifyPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature);

        // Create/Import/Export
        public static SlhDsa GenerateKey(SlhDsaAlgorithm algorithm);

        public static SlhDsa ImportSlhDsaPublicKey(SlhDsaAlgorithm algorithm, byte[] source);
        public static SlhDsa ImportSlhDsaPublicKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source);

        public static SlhDsa ImportSlhDsaSecretKey(SlhDsaAlgorithm algorithm, byte[] source);
        public static SlhDsa ImportSlhDsaSecretKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source);

        public byte[] ExportSlhDsaPublicKey();
        public void ExportSlhDsaPublicKey(Span<byte> destination);
        protected abstract void ExportSlhDsaPublicKeyCore(Span<byte> destination);

        public byte[] ExportSlhDsaSecretKey();
        public void ExportSlhDsaSecretKey(Span<byte> destination);
        protected abstract void ExportSlhDsaSecretKeyCore(Span<byte> destination);
        
        // SPKI / PKCS#8
        public static SlhDsa ImportSubjectPublicKeyInfo(byte[] source);
        public static SlhDsa ImportSubjectPublicKeyInfo(ReadOnlySpan<byte> source);

        public static SlhDsa ImportPkcs8PrivateKey(byte[] source);
        public static SlhDsa ImportPkcs8PrivateKey(ReadOnlySpan<byte> source);

        public static SlhDsa ImportFromPem(ReadOnlySpan<char> source);
        public static SlhDsa ImportFromPem(string source);

        public static SlhDsa ImportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte> passwordBytes, ReadOnlySpan<byte> source);
        public static SlhDsa ImportEncryptedPkcs8PrivateKey(ReadOnlySpan<char> password, ReadOnlySpan<byte> source);
        public static SlhDsa ImportEncryptedPkcs8PrivateKey(string password, byte[] source);

        public static SlhDsa ImportFromEncryptedPem(ReadOnlySpan<char> source, ReadOnlySpan<byte> passwordBytes);
        public static SlhDsa ImportFromEncryptedPem(ReadOnlySpan<char> source, ReadOnlySpan<char> password);
        public static SlhDsa ImportFromEncryptedPem(string source, byte[] passwordBytes);
        public static SlhDsa ImportFromEncryptedPem(string source, string password);

        public byte[] ExportSubjectPublicKeyInfo();
        public bool TryExportSubjectPublicKeyInfo(Span<byte> destination, out int bytesWritten);
        public string ExportSubjectPublicKeyInfoPem();

        public byte[] ExportPkcs8PrivateKey();
        public bool TryExportPkcs8PrivateKey(Span<byte> destination, out int bytesWritten);
        protected virtual bool TryExportPkcs8PrivateKeyCore(Span<byte> destination, out int bytesWritten);
        public string ExportPkcs8PrivateKeyPem();

        public byte[] ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte> passwordBytes, PbeParameters pbeParameters);
        public byte[] ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<char> password, PbeParameters pbeParameters);
        public byte[] ExportEncryptedPkcs8PrivateKey(string password, PbeParameters pbeParameters);
        public bool TryExportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte> passwordBytes, PbeParameters pbeParameters, Span<byte> destination, out int bytesWritten);
        public bool TryExportEncryptedPkcs8PrivateKey(ReadOnlySpan<char> password, PbeParameters pbeParameters, Span<byte> destination, out int bytesWritten);
        public bool TryExportEncryptedPkcs8PrivateKey(string password, PbeParameters pbeParameters, Span<byte> destination, out int bytesWritten);

        public string ExportEncryptedPkcs8PrivateKeyPem(ReadOnlySpan<byte> passwordBytes, PbeParameters pbeParameters);
        public string ExportEncryptedPkcs8PrivateKeyPem(ReadOnlySpan<char> password, PbeParameters pbeParameters);
        public string ExportEncryptedPkcs8PrivateKeyPem(string password, PbeParameters pbeParameters);

        public void Dispose();
        protected virtual void Dispose(bool disposing);
    }

    // System.Security.Cryptography and Microsoft.Bcl.Cryptography
    [DebuggerDisplay("{Name,nq}")]
    [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
    public sealed class SlhDsaAlgorithm : IEquatable<SlhDsaAlgorithm>
    {
        internal SlhDsaAlgorithm();

        public string Name { get; }
        public int PublicKeySizeInBytes { get; }
        public int SecretKeySizeInBytes { get; }
        public int SignatureSizeInBytes { get; }

        public static SlhDsaAlgorithm SlhDsaSha2_128f { get; }
        public static SlhDsaAlgorithm SlhDsaSha2_128s { get; }
        public static SlhDsaAlgorithm SlhDsaSha2_192f { get; }
        public static SlhDsaAlgorithm SlhDsaSha2_192s { get; }
        public static SlhDsaAlgorithm SlhDsaSha2_256f { get; }
        public static SlhDsaAlgorithm SlhDsaSha2_256s { get; }
        public static SlhDsaAlgorithm SlhDsaShake128f { get; }
        public static SlhDsaAlgorithm SlhDsaShake128s { get; }
        public static SlhDsaAlgorithm SlhDsaShake192f { get; }
        public static SlhDsaAlgorithm SlhDsaShake192s { get; }
        public static SlhDsaAlgorithm SlhDsaShake256f { get; }
        public static SlhDsaAlgorithm SlhDsaShake256s { get; }

        public bool Equals(SlhDsaAlgorithm? other);

        public static bool operator ==(SlhDsaAlgorithm? left, SlhDsaAlgorithm? right);
        public static bool operator !=(SlhDsaAlgorithm? left, SlhDsaAlgorithm? right);
    }

    // System.Security.Cryptography only
    [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
    public sealed class SlhDsaOpenSsl : SlhDsa
    {
        [UnsupportedOSPlatformAttribute("android")]
        [UnsupportedOSPlatformAttribute("browser")]
        [UnsupportedOSPlatformAttribute("ios")]
        [UnsupportedOSPlatformAttribute("osx")]
        [UnsupportedOSPlatformAttribute("tvos")]
        [UnsupportedOSPlatformAttribute("windows")]
        public SlhDsaOpenSsl(SafeEvpPKeyHandle pkeyHandle);

        public SafeEvpPKeyHandle DuplicateKeyHandle();
    }
}

namespace System.Security.Cryptography.X509Certificates
{
    // System.Security.Cryptography only
    public sealed partial class CertificateRequest
    {
        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public CertificateRequest(X500DistinguishedName subjectName, SlhDsa key);

        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public CertificateRequest(string subjectName, SlhDsa key);
    }
    
    // System.Security.Cryptography only
    public sealed partial class PublicKey
    {
        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public PublicKey(SlhDsa key);

        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        [UnsupportedOSPlatformAttribute("browser")]
        public SlhDsa? GetSlhDsaPublicKey();
    }

    // System.Security.Cryptography only
    public partial class X509Certificate2
    {
        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public X509Certificate2 CopyWithPrivateKey(SlhDsa privateKey);

        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public SlhDsa? GetSlhDsaPrivateKey();

        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public SlhDsa? GetSlhDsaPublicKey();
    }

    // System.Security.Cryptography only
    public abstract partial class X509SignatureGenerator
    {
        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public static X509SignatureGenerator CreateForSlhDsa(SlhDsa key);
    }

    // Microsoft.Bcl.Cryptography only
    public static partial class X509CertificateKeyAccessors
    {
        [Experimental("SYSLIB5006", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
        public static SlhDsa? GetSlhDsaPublicKey(this X509Certificate2 certificate);

        [Experimental("SYSLIB5006", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
        public static SlhDsa? GetSlhDsaPrivateKey(this X509Certificate2 certificate);

        [Experimental("SYSLIB5006", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
        public static X509Certificate2 CopyWithPrivateKey(this X509Certificate2 certificate, SlhDsa privateKey)
    }
}

#if NET
namespace System.Security.Cryptography.Pkcs
{
    public sealed partial class CmsSigner
    {
        [Experimental("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
        public CmsSigner(SubjectIdentifierType signerIdentifierType, X509Certificate2? certificate, SlhDsa? privateKey);

        public bool HasPrivateKey { get; }
    }
}
#endif