1. Home
  2. /
  3. Use cases
  4. /
  5. Try Quantum-safe Cryptography PKI

Try Quantum-safe Cryptography PKI

EJBCA supports ML-DSA (Dilithium) and NL-DSA (Falcon) quantum-safe algorithms. Try them for your Root CAs, Issuing CAs, and end entities for code signing.

hero-sub-2

Challenge

Migrating to new algorithms and ensuring compatibility

Migrating to new quantum-safe cryptography algorithms requires careful evaluation of existing solutions and properly optimizing the environment. As a developer, you must take into consideration:

  • Which algorithms have broad compatibility
  • Use case-specific requirements
  • The benefits and complexities of hybrid certificates
  • How to operationalize (i.e system architecture, infrastructure needs, HSM support, and protocol compatibility
  • Which legacy systems may need “isolation” and be front-ended with enhanced security

You can also read more here:

Get ready for Quantum-safe Cryptography

arrow

Solution

Seamless support for Quantum-safe PKI with EJBCA

The reality is that there are still many unanswered questions, and it will take some time before all the pieces fall into place. EJBCA offers a seamless solution for issuing quantum-ready Public Key Infrastructure (PKI) certificates alongside the existing PKI within the same environment. This ensures a smooth experience with minimal disruption to your current infrastructure and environments. You can begin experimenting with the technology and gradually understand its relevance to your specific environment over time.

EJBCA supports ML-DSA (Dilithium) and NL-DSA (Falcon) algorithms for Root CAs, Issuing CAs, and End entities. While Certificate Revocation Lists (CRLs) can be generated, certain aspects such as Online Certificate Status Protocol (OCSP) and other protocols are still in the development phase and will be made available in the future.

Check out our how-tos and videos on:

  • Issue ML-DSA (Dilithium) code signing certificate with EJBCA and sign code in SignServer
  • Creating a quantum-ready hybrid certificate using the Bouncy Castle Kotlin project

Please note, that the final standard for the selected quantum-safe algorithms is planned to be released by NIST in early 2024. Until then, we recommend not to use the algorithms in production environments. 

Tutorials

EJBCA logo website
Get started
Post quantum
2024-03-14

Set up a PQC EJBCA PKI test drive in minutes

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
EJBCA
EJBCA logo website
Post quantum
2023-06-05

ML-DSA (Dilithium) signing certificate and code signing in SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
ML-DSA
EJBCA logo website
Post quantum
2023-06-05

Create Hybrid Certificates through BC Kotlin

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Bouncy Castle

Get inspired

Stay up to date with the latest news and blog articles, and find out about upcoming events related to EJBCA.

PKI hierarchies - 1, 2, 3 tiers ?
DevOps
Industrial Cybersecurity & IoT
Installation & Deployment
Tech Update
Ejbca
14 May, 2024

#KEYMASTER – Certificate Revocation strategies, CRL or OCSP or maybe both?

In this Keymaster’s chat, Joey throws some questions at Sven on certificate r...
PKI hierarchies - 1, 2, 3 tiers ?
DevOps
Implementing Cryptography
Industrial Cybersecurity & IoT
Installation & Deployment
Signing
Tech Update
Ejbca
7 May, 2024

#KEYMASTER – Exploring PKI, Signing, and Cryptography Through Short Videos

From nuanced discussions to enlightening exchanges on common questions, we ai...
Keyfactor Blog
DevOps
Industrial Cybersecurity & IoT
Installation & Deployment
Blog
Ejbca
24 April, 2024

Finding Your EJBCA Persona: An Engineer’s Guide to Embarking on the PKI Journey

Embarking on the journey of setting up a first PKI (Public Key Infrastructure...

Related open-source projects