Skip to main content

DigiCert​​®​​ solutions for post-quantum computing

To enable cryptographic agility across your enterprise, DigiCert​​®​​ supports the post-quantum cryptography (PQC) standards that can be incorporated in your key pairs and certificates.

DigiCert solutions that support PQC

DigiCert ONE services that deploy private CA certificates and key pairs support the following types of PQC solutions:

Tabelle 1. DigiCert solutions for PQC

Solutions

DigiCert​​®​​ services

Pure PQC (ML-DSA) certificate issuance and renewal using these methods:

  • EST (Enrollment over Secure Transport)

  • SCEP (Simple Certificate Enrollment Protocol)

  • ACME (Automated Certificate Management Environment)

  • CMPv2 (Certificate Management Protocol version 2)

  • REST API

Sign software and verify hash commands using PQC algorithms

Batch issuance support for pure PQC certificates

  • Device Trust

  • Trust Lifecycle

Client-side and server-side key pair generation

  • Device Trust

  • Software Trust

Automated certificate lifecycle management of ML-DSA and composite certificates so you’re never faced with expired PQC device certificates

Trust Lifecycle

Generate ML-DSA key pairs to create a CSR and send a CSR to a PKI over EST or SCEP, all through a free-to-download CLI

DigiCert TrustEdge

C-SDK embedded security toolkit with support for ML-KEM, ML-DSA, TLS 1.3, and FIPS 140-3 certified crypto

DigiCert TrustCore SDK

Test issues of PQC certificates, including ones with algorithms not yet supported by the CA/Browser forum

DigiCert Labs, our free playground for testing algorithms


Supported PQC signing algorithms

DigiCert issues private certificates with ML-DSA, SLH-DSA, and ML-KEM signing algorithms, depending on the service. At the current time, CertCentral doesn’t issue public CA certificates with these algorithms.

  • ML‑DSA provides digital signatures using lattice‑based assumptions, which offers authenticity and non‑repudiation.

  • ML‑KEM lets one party (initiator) generate a public/private key pair. The responder uses the public key to derive a shared secret and a ciphertext, which the initiator de-capsulates to recover the same secret. Use this key encryption method as a quantum defense version of TLS/SSL for secure websites.

  • SLH-DSA applies lightweight hash-based techniques to ensure security while optimizing performance, making it ideal for resource-constrained environments.

Tabelle 2. PQC algorithms that DigiCert supports for private certificates

DigiCert service

ML-DSA

SLH-DSA

ML-KEM

DigiCert​​®​​ Private CA services

1

--

Device Trust

1

--

Document Trust

--

--

--

Software Trust2

1

--

TrustCore SDK

TrustEdge

Trust Lifecycle

1

--


1 PQC-enabled HSM will be available in the United States datacenters only.

2 Online Certificate Status Protocol (OCSP) support for ML-DSA isn’t defined in a Requests for Comments (RFC) yet.

Supported key sizes per signing algorithm

DigiCert​​®​​ issues and manages private certificates for PQC with the following key sizes:

Tabelle 3. Key sizes per signing algorithm key type

Signing algorithm

Key size

Description

ML-DSA (Dilithium)

ML-DSA-44

Represents a cryptographic strength equivalent of at least 128-bit symmetric encryption. This level of security is considered sufficient for many applications requiring strong security, such as protecting sensitive data and communications.

ML-DSA-65

Represents a higher cryptographic strength equivalent to at least 192-bit symmetric encryption. Offers increased security margin compared to Security Level 44, making it suitable for applications demanding elevated security requirements.

ML-DSA-87

Represents an even higher level of cryptographic strength of at least 256-bit symmetric encryption, surpassing the previous two levels. Equivalent to an even greater bit length in symmetric encryption, further increasing the complexity for potential attackers. Offers the highest level of security among the mentioned levels, suitable for sensitive applications requiring maximum protection against advanced cryptographic attacks.

ML-KEM

ML-KEM-512

Can be used by two parties to establish a shared secret key over a public channel. When a sender wants to securely communicate with a recipient, they use the recipient's public key to "encapsulate" a secret key, creating a ciphertext. The shared secret key can then used with symmetric-key cryptographic algorithms to perform basic tasks in secure communications, such as encryption and authentication.

ML-KEM-768

Represents a stronger version than ML-KEM-512, but with decreased performance.

ML-KEM-1024

Represents the strongest version of ML-KEM, but with decreased performance.

SLH-DSA (SPHINCS+)

SLH-DSA SHA2-128f

Similar to SHA2-128s but optimized for faster performance

SLH-DSA SHA2-128s

Offers an equivalent strength of 128-bit symmetric encryption, using SHAKE for flexible security parameters

SLH-DSA SHA2-192f

Fast variant of SHA2-192s, offering higher security with optimized performance

SLH-DSA SHA2-192s

Provides 192-bit symmetric encryption strength, suitable for applications demanding higher security

SLH-DSA SHA2-256f

A faster version of SHA2-256s, providing maximum security with optimized performance

SLH-DSA SHA2-256s

Offers 256-bit symmetric encryption strength, suitable for highly sensitive applications

SLH-DSA SHAKE-128f

Fast variant of SHAKE-128, balancing performance and security

SLH-DSA SHAKE-128s

Offers an equivalent strength of 128-bit symmetric encryption, using SHAKE for flexible security parameters

SLH-DSA SHAKE-192f

A fast variant of SHAKE-192, optimized for performance in demanding applications

SLH-DSA SHAKE-192s

Flexible security with 192-bit strength using SHAKE for adjustable output lengths

SLH-DSA SHAKE-256f

A fast variant of SHAKE-256, ideal for highly sensitive environments requiring both strong security and high efficiency

SLH-DSA SHAKE-256s

Uses SHAKE for flexible cryptographic output at a 256-bit strength