PQC toolkit setup guide
Notice
This guide is for the PQC toolkit. For instructions on setting up the DigiCert PQC dockerized toolkit, see PQC dockerized toolkit guide.
Introduction
DigiCert's post-quantum cryptographic (PQC) toolkit contains everything needed to create a hybrid TLS certificate. This hybrid certificate uses a post-quantum cryptographic algorithm paired with a classical cryptographic algorithm. This pairing allows you to test the viability of deploying post-quantum hybrid TLS certificates while also maintaining backwards compatibility.
Note
For this first iteration, the post-quantum cryptographic algorithm is paired with an elliptical curve cryptographic algorithm.
This setup guide walks you through using the DigiCert PQC toolkit to:
Apply the ISARA PQC Patch to OpenSSL source files.
Compile your modified OpenSSL program.
Generate post-quantum cryptographic keys.
Create a complete hybrid certificate chain, including root, intermediate, and server certificates.
Test the certificates using OpenSSL's
s_serverands_clientutilities.
Notice
DigiCert PQC toolkit is available to download for all Secure Site Pro customers.
Learn more about what's included with each Secure Site Pro certificate.
PQC toolkit contents
DigiCert PQC toolkit contains these files:
ISARA Catalyst OpenSSL Connector
Modified openssl.cnf
Certificate configuration files
Example hybrid certificate chain
Prerequisites
Before using this guide, make sure these prerequisites are met:
You have access to the DigiCert PQC toolkit resource files.
You have 64-bit Ubuntu 16.04 or later (this guide was written using Ubuntu 18.04 LTS).
You are a non-root user with sudo access.
Warning
To protect your system or production environment from issues, we recommend you follow these steps using a sandbox or virtual environment.