1. Home
  2. /
  3. Use cases
  4. /
  5. Try Quantum-Safe Cryptography PKI

Try Quantum-safe Cryptography PKI

EJBCA supports ML-DSA (Dilithium) and NL-DSA (Falcon) quantum-safe algorithms. Try them for your Root CAs, Issuing CAs, and end entities for code signing.

hero-sub-2

Challenge

Migrating to new algorithms and ensuring compatibility

Migrating to new quantum-safe cryptography algorithms requires careful evaluation of existing solutions and properly optimizing the environment. As a developer, you must take into consideration:

  • Which algorithms have broad compatibility
  • Use case-specific requirements
  • The benefits and complexities of hybrid certificates
  • How to operationalize (i.e system architecture, infrastructure needs, HSM support, and protocol compatibility
  • Which legacy systems may need “isolation” and be front-ended with enhanced security

You can also read more here:

Get ready for Quantum-safe Cryptography

arrow

Solution

Seamless support for Quantum-safe PKI with EJBCA

The reality is that there are still many unanswered questions, and it will take some time before all the pieces fall into place. EJBCA offers a seamless solution for issuing quantum-ready Public Key Infrastructure (PKI) certificates alongside the existing PKI within the same environment. This ensures a smooth experience with minimal disruption to your current infrastructure and environments. You can begin experimenting with the technology and gradually understand its relevance to your specific environment over time.

EJBCA supports ML-DSA (Dilithium) and NL-DSA (Falcon) algorithms for Root CAs, Issuing CAs, and End entities. While Certificate Revocation Lists (CRLs) can be generated, certain aspects such as Online Certificate Status Protocol (OCSP) and other protocols are still in the development phase and will be made available in the future.

Check out our how-tos and videos on:

  • Issue ML-DSA (Dilithium) code signing certificate with EJBCA and sign code in SignServer
  • Creating a quantum-ready hybrid certificate using the Bouncy Castle Kotlin project
  • Try Hybrid certificates in preparations for quantum readiness 

Please note, the final standards for ML-KEM, ML-DSA and SLH-DSA were finalized in August 2024. We recommend only using standardized quantum-safe algorithms in production environments. 

Tutorials

dilithium ikon
Post quantum
2024-08-28

Try Hybrid PKI and certificates with EJBCA

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
ML-DSA
EJBCA logo website
Post quantum
2023-06-05

ML-DSA (Dilithium) signing certificate and code signing in SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
ML-DSA
EJBCA logo website
Post quantum
2023-06-05

Create Hybrid Certificates through Bouncy Castle Kotlin

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
Bouncy Castle

Get inspired

Stay up to date with the latest news and blog articles, and find out about upcoming events related to EJBCA.

PKI hierarchies - 1, 2, 3 tiers ?
Installation & Deployment
Signing
Tech Update
Ejbca
Signserver
18 March, 2025

#KEYMASTER: Understanding VEX and the Future of Vulnerability Management

In this Keymaster episode, we explore VEX (Vulnerability Exploitability Excha...
Read more
PKI hierarchies - 1, 2, 3 tiers ?
Installation & Deployment
Signing
Tech Update
Ejbca
Signserver
11 March, 2025

#KEYMASTER: The Rise of SBOMs – A Growing Necessity

In this episode of #KEYMASTER, we explore the evolving landscape of Software...
Read more
Keyfactor Release
25 February, 2025

SignServer 7.0 Community has been released

SignServer 7.0 Community, has been released. This new version brings a new, u...
Read more

More inspiration

Related open-source projects

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At PrimeKey Solutions AB, corp. ID no. 556628-3064, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Check to consent to the use of Necessary cookies
Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Check to consent to the use of Functional cookies
Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

Check to consent to the use of Cookies for statistics
For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

Check to consent to the use of Cookies for ad-tracking
To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.

Ad measurement user cookies

Check to consent to the use of Ad measurement user cookies
In order to show relevant ads we place cookies to tailor ads for you

Personalized ads cookies

Check to consent to the use of Personalized ads cookies
To show relevant and personal ads we place cookies to provide unique offers that are tailored to your user data
Close