The US-based National Academy of Sciences states that a powerful quantum computer could break even a sophisticated 2048-bit RSA key in just a few months. However, it will take substantial time to develop, standardize and deploy post-quantum cryptographic techniques. DigiCert, a contributor to the NIST post-quantum cryptography (PQC) project, has introduced a kit designed to allow customers to start testing a PQC algorithm in their network to allow them to tap on its R&D efforts, according to the company’s press release.
This PQC test kit is designed for technical users who want to try out the process of installing the hybrid RSA/PQC certificate (TLS or IoT). DigiCert believes the kit will be useful for PKI architects and technical solution designers across a variety of industries and use cases, including financial services; government agencies; manufacturers; utilities providers, such as smart meters; and anyone making strategic security or design decisions.
The test kit was built for experimentation and hands-on research to help customers test and learn more about the technology. It includes a link to documentation that describes how users can set up a Linux box and run all the appropriate commands to generate post-quantum certificates. These hybrid certificates contain the backwards-compatible RSA/ECC keys, as well as future compatible post-quantum keys using the CRYSTALS-Dilithium algorithm.
The certificates are also compliant with today’s cryptography and have within them the ability to support tomorrow’s cryptography as well. Although final standards have not yet been adopted, experimenting with hybrid post-quantum certificates can enable organizations to take a first step toward understanding the security challenges of a post-quantum world, as they begin building a bridge to the future. DigiCert believes that user feedback is key to developing the next generation of cryptographic tools, and is encouraging users to share feedback about what they have learned, what’s most interesting to them and what challenges remain.
The kit will be available as a zip file download from CertCentral. The test kits will include instructions on how to correctly build a Post Quantum capable version of OpenSSL (popular SSL/TLS library) and Apache (web server) on a Linux server or workstation and use those programs to run various tests.