Skip to content

crypto: default ML-KEM and ML-DSA pkcs8 export to seed-only format#62178

Open
panva wants to merge 1 commit intonodejs:mainfrom
panva:ml-dsa-ml-kem-seed-only
Open

crypto: default ML-KEM and ML-DSA pkcs8 export to seed-only format#62178
panva wants to merge 1 commit intonodejs:mainfrom
panva:ml-dsa-ml-kem-seed-only

Conversation

@panva
Copy link
Member

@panva panva commented Mar 10, 2026

Configure OpenSSL provider parameters to prefer seed-only format when exporting ML-KEM and ML-DSA private keys that contain a seed. Keys without a seed continue to use the private-only format.

The both format will likely not be supported by BoringSSL and Web Cryptography at all and is overall the better format.

@panva panva added crypto Issues and PRs related to the crypto subsystem. semver-major PRs that contain breaking changes and should be released in the next major version. labels Mar 10, 2026
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 10, 2026

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. labels Mar 10, 2026
@panva
crypto: default ML-KEM and ML-DSA pkcs8 export to seed-only format
a6d312b 
Configure OpenSSL provider parameters to prefer seed-only format
when exporting ML-KEM and ML-DSA private keys that contain a seed.
Keys without a seed continue to use the private-only format.
@panva panva force-pushed the ml-dsa-ml-kem-seed-only branch from cd1c129 to a6d312b Compare March 10, 2026 11:00
@panva
Copy link
Member Author

panva commented Mar 10, 2026

cc @nodejs/tsc I would like to get this in for v26.x

@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@codecov
Copy link

codecov bot commented Mar 10, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.65%. Comparing base (ae228c1) to head (a6d312b).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #62178      +/-   ##
==========================================
- Coverage   89.65%   89.65%   -0.01%     
==========================================
  Files         676      676              
  Lines      206546   206553       +7     
  Branches    39558    39549       -9     
==========================================
- Hits       185179   185176       -3     
+ Misses      13485    13483       -2     
- Partials     7882     7894      +12
Files with missing lines Coverage Δ
src/crypto/crypto_util.cc 72.81% <100.00%> (-0.03%) ⬇️

... and 33 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 10, 2026

CI: https://ci.nodejs.org/job/node-test-pull-request/71657/

@panva panva added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Mar 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anonrig anonrig anonrig approved these changes

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. semver-major PRs that contain breaking changes and should be released in the next major version.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@panva @nodejs-github-bot @anonrig