This should use the const (and UrlFormat, as being introduced in #115412)

[Experimental(Experimentals.PostQuantumCryptographyDiagId)]

@barotnjs I don't know where we landed on this - but shouldn't the experimental be on the class? Like, if we ship the class it would, technically, be an unguarded breaking change for us to remove it, if we needed to.

If we put it on the class, but then mark ML-DSA (or whatever) as "not Experimental" while one of the rest still is, we have to be diligent at moving the Experimentals down to each remaining member.

We could also put it on the class until there's one stable member so that we don't end up with "well, we deleted everything, because all of PQC got abandoned by the industry before the specs all went final-stable.... so now we have this empty static class"... but I don't really see that outcome, so I don't feel like the class-level one is warranted.

We could also put it on the class until there's one stable member so that we don't end up with "well, we deleted everything, because all of PQC got abandoned by the industry before the specs all went final-stable.

More like, "It turns out that extensions are not the right shape for [whatever reason]" but, okay.

Maybe we should EB-Never this for .NET 10+?

Since we are using a single class for all of the algorithm names, the tests here should have SLH-DSA somewhere in the test name (repeat feedback for all tests in fixture)

Will this assert even be hit because it's a ConditionalFact?

• Windows returns false right now....
• OOB Linux should return false right now...

So I am failing to see when this #else will be hit.

We should dispose of the cert and the key.

I don't think this if is ever going to be hit because this is the CAPI path and I would be... surprised... if and PQC types worked with CAPI. ECDsa doesn't, either, which is why ECDsa is not here.

I think this is adding a BOM. We try to keep BOMs out of this repo, if I remember correctly.

YESSS. Finally some use of SHAKE!

Note that we did not OOB any of the SHA-3 APIs. So, if you think this is going to be needed to make CMS work for .NET Standard or .NET 9, then the Shake API's won't be available.

We didn't get set a good example in the other algorithms, but this should be disposed (The classic-crypto algs can be cleaned up in a separate PR. Maybe we should make an issue for that?)

This shows that it exports the correct public key, but not that it's not a private key.

It should look for a CryptographicException from signing something. (Looking for an exception from exporting the private key isn't quite right, since that would also happen from a non-exportable private key... though X509Certificate2.CreateFromPem shouldn't make one of those).

The test is already conditional on SlhDsa.IsSupported. So why is it using #if, and why would it expect failure?

The test should also check that GetSlhDsaPublicKey is returning a public-only key when a private key is available.

If we put it on the class, but then mark ML-DSA (or whatever) as "not Experimental" while one of the rest still is, we have to be diligent at moving the Experimentals down to each remaining member.

We could also put it on the class until there's one stable member so that we don't end up with "well, we deleted everything, because all of PQC got abandoned by the industry before the specs all went final-stable.... so now we have this empty static class"... but I don't really see that outcome, so I don't feel like the class-level one is warranted.

Likewise, more algorithms need to be disposed (and cleanup for the others can happen separately)

Just have to be careful here to not dispose of the key if it was passed in externally.

// If there's no private key, fall back to the public key for a "no private key" exception.

Seems like a roundabout way of doing it... can we just throw here ourselves or do we prefer the exception coming from the cert?

Since this has a type forward to .NET Framework, we try to be exception compatible with .NET Framework, and this is what .NET Framework does.