====== 3.1 Installation ======

Installation guide for OpenSSL 3.6 and .NET Runtime 8.0.

----

===== Check Prerequisites =====

<code bash>
# Check OpenSSL version
openssl version
# Expected: OpenSSL 3.6.0 or higher

# If present but too old:
which openssl    # Linux/macOS
where openssl    # Windows
</code>

----

===== OpenSSL 3.6.0+ =====

OpenSSL 3.6.0+ is required for ML-DSA((NIST FIPS 204: https://csrc.nist.gov/pubs/fips/204/final)) and ML-KEM((NIST FIPS 203: https://csrc.nist.gov/pubs/fips/203/final)).

==== Windows ====

**Option 1: Pre-compiled Binaries (recommended)**

Download from: [[https://slproweb.com/products/Win32OpenSSL.html|Shining Light Productions]]
  * Select: ''Win64 OpenSSL v3.6.x'' (Full, not Light)
  * Installation: ''C:\Program Files\OpenSSL''

**Option 2: Configure PATH**

<code powershell>
# Run as Administrator
[Environment]::SetEnvironmentVariable(
    "Path",
    $env:Path + ";C:\Program Files\OpenSSL\bin",
    "Machine")

# Verify (open new PowerShell)
openssl version
</code>

**Option 3: Set environment variable**

<code powershell>
# Set permanently
[Environment]::SetEnvironmentVariable("OPENSSL_PATH", "C:\Program Files\OpenSSL\bin", "Machine")

# Or temporarily in current session
$env:OPENSSL_PATH = "C:\Program Files\OpenSSL\bin"
</code>

==== Linux ====

**Ubuntu/Debian (if OpenSSL 3.6+ in repos):**
<code bash>
sudo apt update
sudo apt install openssl libssl-dev

# Check version
openssl version
</code>

**Compile from source (if repos too old):**
<code bash>
# Dependencies
sudo apt install build-essential checkinstall zlib1g-dev

# Download and build
cd /usr/local/src
sudo wget https://www.openssl.org/source/openssl-3.6.0.tar.gz
sudo tar -xzf openssl-3.6.0.tar.gz
cd openssl-3.6.0

sudo ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
sudo make -j$(nproc)
sudo make install

# Create symlinks
sudo ln -sf /usr/local/openssl/bin/openssl /usr/local/bin/openssl
sudo ln -sf /usr/local/openssl/lib64/libssl.so.3 /usr/lib/x86_64-linux-gnu/
sudo ln -sf /usr/local/openssl/lib64/libcrypto.so.3 /usr/lib/x86_64-linux-gnu/

# Update ldconfig
echo "/usr/local/openssl/lib64" | sudo tee /etc/ld.so.conf.d/openssl.conf
sudo ldconfig

# Verify
openssl version
</code>

==== macOS ====

<code bash>
# Homebrew
brew install openssl@3

# Export path
export OPENSSL_PATH=$(brew --prefix openssl@3)/lib
export PATH="$(brew --prefix openssl@3)/bin:$PATH"

# Make permanent (in ~/.zshrc or ~/.bash_profile)
echo 'export OPENSSL_PATH=$(brew --prefix openssl@3)/lib' >> ~/.zshrc
echo 'export PATH="$(brew --prefix openssl@3)/bin:$PATH"' >> ~/.zshrc

# Verify
openssl version
</code>

----

===== .NET Runtime 8.0 =====

==== Windows ====

<code powershell>
# Check installed runtimes
dotnet --list-runtimes

# If not present: Download from
# https://dotnet.microsoft.com/download/dotnet/8.0
# Select ".NET Runtime 8.0.x" (not SDK, unless for development)

# Verify after installation
dotnet --list-runtimes | Select-String "Microsoft.NETCore.App 8"
</code>

==== Linux ====

<code bash>
# Ubuntu/Debian
wget https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb

sudo apt update
sudo apt install dotnet-runtime-8.0

# Verify
dotnet --list-runtimes | grep "Microsoft.NETCore.App 8"
</code>

==== macOS ====

<code bash>
# Homebrew
brew install dotnet@8

# Or download from https://dotnet.microsoft.com/download/dotnet/8.0

# Verify
dotnet --list-runtimes | grep "Microsoft.NETCore.App 8"
</code>

----

===== Post-Installation: Verification =====

Run these commands to verify the installation:

<code bash>
# 1. OpenSSL version and build info
openssl version -a

# 2. PQ signatures available?
openssl list -signature-algorithms | grep -i "ml-dsa"
# Expected output: ML-DSA-44, ML-DSA-65, ML-DSA-87

# 3. PQ-KEM available?
openssl list -kem-algorithms | grep -i "ml-kem"
# Expected output: ML-KEM-512, ML-KEM-768, ML-KEM-1024

# 4. List providers
openssl list -providers
# Expected: default, base (and optionally: fips)

# 5. .NET Runtime
dotnet --list-runtimes
# Expected: Microsoft.NETCore.App 8.x.x
</code>

**Expected output for OpenSSL 3.6:**
<code>
OpenSSL 3.6.0 7 Nov 2024
built on: ...
OPENSSLDIR: "/usr/local/openssl"
</code>

----

===== Known Issues =====

^  Issue  ^  Cause  ^  Solution  ^
| ''libcrypto-3-x64.dll not found'' | OpenSSL not in PATH | Extend PATH or set ''OPENSSL_PATH'' |
| ''ML-DSA not found'' | OpenSSL too old | Install version 3.6.0+ |
| ''permission denied'' | Missing permissions | Use ''sudo'' or check permissions |
| Conflicts with system OpenSSL | Multiple versions | Set explicit path in ''OPENSSL_PATH'' |

----

===== Further Reading =====

  * [[.:konfiguration|Configuration]] – Environment variables, FIPS mode
  * [[.:betrieb|Operations]] – Health checks, certificates
  * [[.:troubleshooting|Troubleshooting]] – Common installation errors

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//

{{tag>installation openssl dotnet setup}}