support finalized NIST PQC signature algorithms #521

Open
e4711s opened this issue Dec 3, 2024 · 4 comments

Comments

@e4711s

e4711s commented Dec 3, 2024

Now that NIST has finalized the first PQC algorithms and BouncyCastle supports them (1.79+), it would be beneficial to have some measure of support in KSE.

Certificates signed with ML-DSA and SLH-DSA should be supported, both as primary signature and alternate signature (via extensions subjectAltPublicKeyInfo (2.5.29.72), altSignatureAlgorithm (2.5.29.73) and altSignatureValue (2.5.29.74)).

@kaikramer
Owner

It might still be a little bit too early. Not everything around ML-DSA and SLH-DSA is in a final state yet, for example the specs for the OIDs are still in a draft status:
https://datatracker.ietf.org/doc/draft-ietf-lamps-x509-slhdsa/
https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/

But apart from that I agree that KSE should support PQC algorithms in the near future. Do you want to work on this?

@e4711s
Author

e4711s commented Dec 4, 2024

Sorry, I was not aware of the OIDs still being in draft status. In that case it makes sense to wait.
I probably won't be able to contribute code at the moment. If that should change, I'll let you know.

@mouse07410
Contributor

It turns out that we need to experiment with PQC certificates.

It would be great if you could release support for at least ML-DSA-87 and ML-KEM-1024, even with draft OIDs. Looks like BouncyCastle already includes support for them.

@jgrateron
Contributor

To add to this context on the new algorithms, I just received this article. Let's hope to see soon if the deadlines can be met.

https://billatnapier.medium.com/shock-news-sha-256-ecdsa-and-rsa-not-approved-in-australia-by-2030-3d1c286cad58
