We have added the Dilithium command to wolfCLU. Dilithium (referred to as ML-DSA by NIST) is a post-quantam cryptography (PQC) algorithm for signing and verification. This blog post provides an overview of how to use the Dilithium command in wolfCLU.
To use the Dilithium command, you must first build wolfSSL with the appropriate configuration options: `–enable-wolfclu` and `–enable-dilithium`.
Building wolfSSL:
$ cd wolfssl $ ./autogen.sh $ ./configurte –enable-wolfclu –enable-dilithium $ make && make check $ sudo make install
Once wolfSSL is built and installed, you can build wolfCLU. No additional macros are required for this step. After installing, you can check wolfssl command version.
Building wolfCLU:
$ cd wolfclu $ ./autogen.sh $ ./configure $ make && make check $ sudo make install $ wolfssl -v
Key Generation:
To generate a Dilithium key pair, use the “-genkey” command. Dilithium supports different security levels (2, 3, and 5) as defined by NIST. You can specify the security level using “-level” and the output filename using “-out”.
$ wolfssl -genkey dilithium -level 2 -out dilithium_key -outform der -output keypair
Sign:
To sign a file with the Dilithium private key, use the “-sign” command. Specify the private key with “-inkey”, the file to be signed with “-in”, and the output signature file with “-out”.
$ wolfssl dilithium -sign -inkey dilithium_key.priv -inform der -in test.txt -out signature.sig
Verify:
To verify a signed file, use the “-verify” command. Provide the public key using “-inkey”, the file to verify with “-in”, and the signature file with “-sigfile”. If the signature is valid, the output will display “Valid Signature”. If not, it will display “Invalid Signature”.
$ wolfssl dilithium -verify -inkey dilithium_key.pub -inform der -in test.txt -sigfile signature.sig
With these steps, you can easily generate keys, sign files and verify signatures using the Dilithium command in wolfCLU.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now