Desired properties of V4 format artifact file

[johngray-dev]

As per #111 the next artifact version file should have the following properties

• Use only the latest OIDs so it is not encumbered by many of the older formats
• Use DER encoding so that PEM encoding issues get eliminated.

[johngray-dev]

• Discussion of adding private keys to the format in the June meeting. Especially with some cases with seeds and such.

[johngray-dev]

Specify the list of OIDS to be used in each artifact format.

[johngray-dev]

Also add a friendly Name so its easy to identify which algorithm it is.

[johngray-dev]

Certificates - artifacts_certs_r4.zip

Starting with artifacts for the NIST standards released 2024-08-13, we will use a much simpler artifact format:

• Only produce a self-signed certificate (TAs).
• We will restrict the R4 artifacts to only the algorithms with NIST standards.
• Use DER Encoding format (so that PEM encoding doesn't cause issues)
• Use a flat folder structure with filenames -_ta.pem
• For ML-KEM, use the the ML-DSA TA of the equivalent security level to sign a <ML-KEM_oid>_ee.pem
• For hybrid certificate formats, name the file <hybrid_format>_<oid1>_with_<oid2>_ta.pem

Within providers/<provider_name>/[implementation_name/]

• artifacts_certs_r4.zip
  • <algname>-<oid>_ta.pem # self-signed cert for signature alg oids
  • <algname>-<oid>_ee.pem # ex.: ML-KEM-512 - signed with ML-DSA-44
  • <hybrid_format>_<oid1>_with_<oid2>_ta.pem # ex.: catalyst_1.2.840.10045.4.3.2_with_1.3.6.1.4.1.2.267.12.4.4_ta.pem

The KEM end entity certificate can be used to validate encrypted artifacts in either the CMS or CMP artifacts zips.

[johngray-dev]

Added V4 format into the main readme and deprecated the older V3 and V2 formats. The automation will need to be updated to read V4 format files now. 1caea6e