oscerd commented on PR #22113:
URL: https://github.com/apache/camel/pull/22113#issuecomment-4091529230
> _Review posted by Claude Code on behalf of Guillaume Nodet_
>
> Nice documentation addition! The structure is clear, the examples cover
> the key scenarios well, and the comparison table between camel-crypto and
> camel-pqc is very helpful.
>
> One functional issue in the examples:
>
> ### Key generation produces non-matching key pairs
> In the "Raw keys" ML-DSA example, `mlDsaPrivateKey()` and
> `mlDsaPublicKey()` each call `KeyPairGenerator.generateKeyPair()`
> **independently**, producing **two different key pairs**:
>
> ```java
> @BindToRegistry("mlDsaPrivateKey")
> public PrivateKey mlDsaPrivateKey() throws Exception {
>     KeyPairGenerator kpGen = KeyPairGenerator.getInstance("ML-DSA", "BC");
>     kpGen.initialize(MLDSAParameterSpec.ml_dsa_65);
>     return kpGen.generateKeyPair().getPrivate(); // key pair A
> }
>
> @BindToRegistry("mlDsaPublicKey")
> public PublicKey mlDsaPublicKey() throws Exception {
>     KeyPairGenerator kpGen = KeyPairGenerator.getInstance("ML-DSA", "BC");
>     kpGen.initialize(MLDSAParameterSpec.ml_dsa_65);
>     return kpGen.generateKeyPair().getPublic(); // key pair B — different!
> }
> ```
>
> Signing with the private key from pair A and verifying with the public key
> from pair B will always fail. Should generate a single `KeyPair` and extract
> both keys from it, e.g.:
>
> ```java
> private KeyPair mlDsaKeyPair;
>
> private KeyPair getMlDsaKeyPair() throws Exception {
>     if (mlDsaKeyPair == null) {
>         KeyPairGenerator kpGen = KeyPairGenerator.getInstance("ML-DSA", "BC");
>         kpGen.initialize(MLDSAParameterSpec.ml_dsa_65);
>         mlDsaKeyPair = kpGen.generateKeyPair();
>     }
>     return mlDsaKeyPair;
> }
>
> @BindToRegistry("mlDsaPrivateKey")
> public PrivateKey mlDsaPrivateKey() throws Exception {
>     return getMlDsaKeyPair().getPrivate();
> }
>
> @BindToRegistry("mlDsaPublicKey")
> public PublicKey mlDsaPublicKey() throws Exception {
>     return getMlDsaKeyPair().getPublic();
> }
> ```
>
> The same issue affects the SLH-DSA example (`slhDsaPrivateKey()` /
> `slhDsaPublicKey()`).
>
> The "Dynamic keys via headers" example is correct since it generates a
> single `KeyPair kp` and uses both `kp.getPrivate()` and `kp.getPublic()`.

Should be addressed now
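
The mismatch described in the quoted review can be caught before any route runs with a sign-then-verify check on the two keys that were bound separately. This is an added example, not code from the pull request or from Camel; the class and method names are hypothetical, and it assumes Bouncy Castle 1.79 or later on the classpath with the `ML-DSA` signature name registered under the `BC` provider.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;

import org.bouncycastle.jcajce.spec.MLDSAParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Hypothetical helper class (not part of camel-pqc).
public class KeyPairConsistencyCheck {

    // Signs a fixed probe with the private key and verifies it with the public key.
    // Returns true only when both keys come from the same generateKeyPair() call.
    static boolean isMatchingPair(PrivateKey priv, PublicKey pub) throws GeneralSecurityException {
        byte[] probe = "pairwise-consistency-probe".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance("ML-DSA", "BC"); // assumed algorithm name
        signer.initSign(priv);
        signer.update(probe);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("ML-DSA", "BC");
        verifier.initVerify(pub);
        verifier.update(probe);
        return verifier.verify(sig);
    }

    // Same generator setup as the documentation example under review.
    static KeyPair newMlDsaKeyPair() throws GeneralSecurityException {
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("ML-DSA", "BC");
        kpGen.initialize(MLDSAParameterSpec.ml_dsa_65);
        return kpGen.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPair a = newMlDsaKeyPair(); // what mlDsaPrivateKey() used in the flawed example
        KeyPair b = newMlDsaKeyPair(); // what mlDsaPublicKey() used in the flawed example

        // Keys taken from one pair verify; keys taken from two independent pairs do not.
        System.out.println("same pair:  " + isMatchingPair(a.getPrivate(), a.getPublic()));
        System.out.println("mixed pair: " + isMatchingPair(a.getPrivate(), b.getPublic()));
    }
}
```

Calling `isMatchingPair` on the two registry beans at startup, and failing fast when it returns false, turns a silent verification failure at runtime into a configuration error.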