From 023bc275a94590e920bca85015191dc5f5271a79 Mon Sep 17 00:00:00 2001 From: Mike Ounsworth Date: Tue, 3 Oct 2023 07:54:40 -0500 Subject: [PATCH] Updated R3 zip format to cover hybrid cert formats --- readme.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/readme.md b/readme.md index 66dce80e..4b0f038e 100644 --- a/readme.md +++ b/readme.md @@ -94,11 +94,13 @@ Starting with artifacts for the NIST Draft standards released 2023-08-24, we wil * Use PEM formats. * Switch to a flat folder structure with filenames _ta.pem * For Kyber, use the the Dilithium TA of the equivalent security level to sign a _ee.pem +* For hybrid certificate formats, name the file `__with__ta.pem` Within `providers//` - artifacts_certs_r3.zip - `_ta.pem` # self-signed cert for signature alg oids - `_ee.pem` # ex.: Kyber512 - signed with Dilithium2 + - `__with__ta.pem` # ex.: catalyst_1.2.840.10045.4.3.2_with_1.3.6.1.4.1.2.267.12.4.4_ta.pem The KEM end entity certificate can be used to validate encrypted artifacts in either the CMS or CMP artifacts zips.