Unable to generate certificate with Ed25519-Dilithium2 digital signature

[Vlad-Magdysh]

Hello!

I tried to use post-quantum digital signature generation in my application and faced an issue. There is go/src/crypto/tls/generate_cert.go file, and if I run it inside the cloudflare/go fork it works. I run it on Ubuntu 24 inside the directory ~/cloudlflare_go/go/src/crypto/tls with the command like this:
~/cloudlflare_go/go/bin/go run ./generate_cert.go --host localhost --circl "Ed25519-Dilithium2"

But if I copy the generate_cert.go file to the custom project, install the necessary cloudflare/circl version and run the same command from the custom project directory:
~/cloudlflare_go/go/bin/go run ./generate_cert.go --host localhost --circl "Ed25519-Dilithium2"
I got the error from signingParamsForPublicKey function:
"Failed to create certificate: x509: only RSA, ECDSA, Ed25519 and circl keys supported
exit status 1"

I tried to do it in a new go module and synchronized their dependencies such as github.com/cloudflare/circl v1.4.1-0.20240905130006-2d6cd9871f69, etc.
Moreover, after several tries, I copied the /go/src/vendor, /go/src/go.mod, /go/src/go.sum to the project, but I got this issue again and again.

For debug purposes, I added the code to convert the public key to circlSign.PublicKey inside the signingParamsForPublicKey function and received the panic: interface conversion: *eddilithium2.PublicKey is not sign.PublicKey: missing method Scheme

I would greatly appreciate your assistance!

[bwesterb]

The reason is that there are two copies of the Circl Dilithium key type: the one of the vendored Circl inside the Go standard library, and the regular Circl. The Go standard library only recognises the internal Dilithium2 key type.

I haven't quite figured out what would be the most elegant method to solve this.