openquantumsafe/oqs-ossl3
OpenSSL provider adding quantum-safe cryptography to OpenSSL (3).
This provides a ready-to-run build of the current master branch of OpenSSL (3) together with a provider implementing plain and hybrid OQS key exchange mechanisms according to draft-ietf-tls-hybrid-design-00 as well as plain and hybrid OQS signature algorithms for X.509 cert generation, CMS and DGST operations using the OpenSSL command line tools.
This docker image contains a version of OpenSSL3 built and extended with a provider enabling quantum-safe crypto (QSC) operations.
To this end, it contains liboqs as well as OpenSSL 3/master and oqs-provider from the OpenQuantumSafe project.
As different images providing the same base functionality may be available, e.g., for debug or performance-optimized operations, the image name oqs-ossl3 is consistently used in the description below. Be sure to adapt it to the image you want to use.
Run
docker run -it openquantumsafe/oqs-ossl3
to start an OQS-enabled TLS test server. To connect to it, run
openssl s_client -connect localhost -groups kyber512
The latter command returns all TLS information documenting use of OQS-enabled TLS. The parameter to the -groups argument is any Key Exchange algorithm supported by OQS-OpenSSL.
Beyond interacting with the built-in test server (utilizing openssl s_server), the image can also be used to retrieve data from any OQS-enabled TLS (1.3) server with the command
docker run -it oqs-ossl3 openssl s_client -connect <OQS-server address:port> --groups <suitable KEM>
The usual OpenSSL commands can be used to query for algorithms supported, e.g., openssl list -signature-algorithms.
The usual OpenSSL commands can be used to generate certificates, e.g.,
openssl req -x509 -new -newkey dilithium2 -keyout CA.key -out CA.crt -nodes -subj "/CN=test CA"
The usual OpenSSL commands (x509, cms, dgst) can also be used to inspect certificates and to perform CMS and dgst generation/verification. See current oqsprovider documentation for more worked examples.
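The certificate steps above can be chained into a CA-signed server certificate and checked in one go. The following is an added example, not code from this page or from the oqs-provider project; the function names and file names other than CA.key and CA.crt are hypothetical, and it assumes the signature algorithm name shown by openssl x509 -text equals the name passed to -newkey.

```shell
#!/bin/sh
# Added example (not from the oqs-provider project). Assumes an openssl binary
# whose active providers offer the chosen algorithm, e.g. inside this image.

# make_chain DIR [SIG_ALG]: create CA.key/CA.crt and srv.key/srv.csr/srv.crt.
# SIG_ALG defaults to dilithium2, the algorithm used on this page.
make_chain() {
    dir=$1; alg=${2:-dilithium2}
    mkdir -p "$dir" || return 1
    # Self-signed test CA: the page's command, parameterised.
    openssl req -x509 -new -newkey "$alg" -keyout "$dir/CA.key" \
        -out "$dir/CA.crt" -nodes -subj "/CN=test CA" -days 30 \
        >/dev/null 2>&1 || return 1
    # Server key pair and certificate signing request.
    openssl req -new -newkey "$alg" -keyout "$dir/srv.key" \
        -out "$dir/srv.csr" -nodes -subj "/CN=localhost" \
        >/dev/null 2>&1 || return 1
    # The test CA signs the request.
    openssl x509 -req -in "$dir/srv.csr" -out "$dir/srv.crt" \
        -CA "$dir/CA.crt" -CAkey "$dir/CA.key" -CAcreateserial -days 30 \
        >/dev/null 2>&1 || return 1
}

# cert_sig_alg CERT: print the signature algorithm recorded in the certificate.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# check_chain DIR SIG_ALG: succeed only if srv.crt verifies against CA.crt
# AND was signed with SIG_ALG (assumption: printed name equals -newkey name,
# so a silent fallback to another algorithm is caught).
check_chain() {
    dir=$1; want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    openssl verify -CAfile "$dir/CA.crt" "$dir/srv.crt" \
        >/dev/null 2>&1 || return 1
    got=$(cert_sig_alg "$dir/srv.crt" | tr 'A-Z' 'a-z')
    [ "$got" = "$want" ]
}
```

Inside the container, make_chain /tmp/pki dilithium2 followed by check_chain /tmp/pki dilithium2 exercises the whole chain; the resulting srv.key and srv.crt can be handed to openssl s_server.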
This image is limited in functionality as per the open issues documented for oqs-provider. It is also not fit for production use.
docker pull openquantumsafe/oqs-ossl3