EJBCA supports the ML-DSA (Dilithium) and FN-DSA (Falcon) quantum-safe algorithms. Try them for your Root CAs, Issuing CAs, and end entities for code signing.
Challenge
Migrating to new quantum-safe cryptography algorithms requires careful evaluation of existing solutions and properly optimizing the environment. As a developer, you must take into consideration:
Solution
The reality is that there are still many unanswered questions, and it will take some time before all the pieces fall into place. EJBCA offers a seamless solution for issuing quantum-ready Public Key Infrastructure (PKI) certificates alongside the existing PKI within the same environment. This ensures a smooth experience with minimal disruption to your current infrastructure and environments. You can begin experimenting with the technology and gradually understand its relevance to your specific environment over time.
EJBCA supports the ML-DSA (Dilithium) and FN-DSA (Falcon) algorithms for Root CAs, Issuing CAs, and end entities. While Certificate Revocation Lists (CRLs) can be generated, certain aspects such as Online Certificate Status Protocol (OCSP) and other protocols are still in the development phase and will be made available in the future.
Please note that the final standard for the selected quantum-safe algorithms is planned to be released by NIST in early 2024. Until then, we recommend not using the algorithms in production environments.
Bouncy Castle is one of the most widely used FIPS-certified open-source cryptographic APIs for Java and C#, allowing developers to integrate PKI security into their applications easily.