Planning for post-quantum cryptography

Trust Architecture Playbook: Issuance pillar

Quantum computing poses a long-term threat to classical asymmetric cryptography. Sufficiently powerful quantum computers could break RSA and ECC algorithms, compromising the security of current certificate and CA key material. NIST finalized the first post-quantum cryptography (PQC) algorithm standards in 2024. Organizations should begin assessing and planning for PQC migration now, even if full deployment is still years away.

PQC support in DigiCert Private CA

DigiCert® Private CA supports PQC certificate issuance for private-trust use cases. PQC certificates can be issued and managed through Trust Lifecycle Manager using the same certificate profile workflow as classical certificates. Supported enrollment methods include CSR (web-based), EST, and REST API.

Supported PQC signature algorithms

DigiCert Private CA can issue PQC certificates using the following signature algorithms:

  • ML-DSA (formerly CRYSTALS-Dilithium): The primary NIST-standardized PQC signature algorithm (FIPS 204). All three parameter sets are supported: MLDSA-44, MLDSA-65, and MLDSA-87. ML-DSA is the recommended algorithm for most use cases.

  • SLH-DSA (formerly SPHINCS+): A stateless hash-based signature scheme standardized in FIPS 205. All NIST-standardized SLH-DSA parameter sets are supported.

HSM and revocation requirements

PQC key generation in DigiCert Private CA requires an HSM that supports PQC algorithms. If PQC is a defined or near-term requirement, factor HSM selection into your planning before provisioning any CA infrastructure. Two HSMs are currently supported across both DigiCert-hosted and customer-hosted Private CA deployments:

  • Crypto4A: Supports PQC and operates as a FIPS 140-validated cryptographic module.

  • Thales SafeNet Luna: Supports PQC starting with firmware version 7.9. Verify your firmware version before deploying PQC to avoid configuration errors.

CRL-based revocation is fully supported for ML-DSA and SLH-DSA certificates. Ensure CRL infrastructure is in place before issuing PQC certificates and verify that relying party systems support CRL-based revocation. OCSP is not yet supported for PQC certificates.

PQC readiness planning

PQC migration is a long-term project. Begin with these steps:

  • Inventory your cryptographic assets: Use Trust Lifecycle Manager's crypto hygiene reporting to identify all certificates using classical algorithms. This inventory is the foundation of your PQC migration plan.

  • Identify high-risk assets: Prioritize long-lived certificates, CA keys, and certificates protecting sensitive long-lived data. These are the most exposed to harvest-now-decrypt-later attacks, in which adversaries capture encrypted data today with the intent to decrypt it once quantum computing capabilities mature.

  • Assess HSM readiness: For private trust issuance, determine whether your existing HSMs support PQC algorithms and plan hardware upgrades accordingly.

  • Pilot PQC issuance: Issue PQC certificates in a test environment and validate chain building, revocation, and application compatibility before any production deployment.
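The inventory and high-risk steps above can be prototyped as a triage pass over a certificate export. The following is an added example, not DigiCert code or a Trust Lifecycle Manager feature: the CSV columns, sample rows, scoring weights, and the 730-day "long-lived" threshold are assumptions made for illustration, and the OIDs are the standard signature algorithm identifiers for RSA, ECDSA, ML-DSA, and SLH-DSA.

```python
import csv
import io
from datetime import date

# PQC signature OIDs on the NIST CSOR arc 2.16.840.1.101.3.4.3.
PQC = {"2.16.840.1.101.3.4.3.17": "ML-DSA-44",
       "2.16.840.1.101.3.4.3.18": "ML-DSA-65",
       "2.16.840.1.101.3.4.3.19": "ML-DSA-87"}
# The twelve pure SLH-DSA parameter sets occupy .20 through .31.
PQC.update({f"2.16.840.1.101.3.4.3.{n}": "SLH-DSA" for n in range(20, 32)})
CLASSICAL = ("1.2.840.113549.1.1.",  # RSA (PKCS #1) signature OIDs
             "1.2.840.10045.4.")     # ECDSA signature OIDs

# Constructed inventory. Column names are assumptions for this example,
# not a Trust Lifecycle Manager export format.
SAMPLE = """subject,sig_oid,not_after,is_ca,long_lived_data
CN=Corp Root CA,1.2.840.113549.1.1.11,2045-01-01,yes,no
CN=archive.example.internal,1.2.840.10045.4.3.2,2027-06-30,no,yes
CN=web01.example.internal,1.2.840.113549.1.1.11,2026-03-01,no,no
CN=pilot.example.internal,2.16.840.1.101.3.4.3.18,2027-01-01,no,no
CN=vendor.example.internal,1.3.6.1.4.1.99999.1.1,2026-01-01,no,no
"""

def classify(oid):
    if oid in PQC:
        return "pqc"
    if oid.startswith(CLASSICAL):
        return "classical"
    return "unknown"  # never assume an unrecognized OID is quantum-safe

def triage(csv_text, today, long_lived_days=730):
    """Rank non-PQC certificates, highest migration priority first."""
    ranked = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind = classify(row["sig_oid"])
        if kind == "pqc":
            continue
        # Weights are illustrative assumptions; tune them to your risk model.
        score, reasons = (1, ["classical"]) if kind == "classical" else (2, ["unknown OID, review"])
        if row["is_ca"] == "yes":
            score, reasons = score + 3, reasons + ["CA key"]
        if (date.fromisoformat(row["not_after"]) - today).days > long_lived_days:
            score, reasons = score + 2, reasons + ["long-lived"]
        if row["long_lived_data"] == "yes":
            score, reasons = score + 2, reasons + ["protects long-lived data"]
        ranked.append((score, row["subject"], reasons))
    return sorted(ranked, key=lambda r: -r[0])

if __name__ == "__main__":
    for score, subject, reasons in triage(SAMPLE, date(2025, 6, 1)):
        print(score, subject, "; ".join(reasons))
```

Certificates with an unrecognized signature OID are ranked above ordinary classical leaf certificates so they get a manual review instead of being silently treated as quantum-safe.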

Note

Building a cryptographic baseline is covered in the Baseline pillar of the DigiCert® Trust Architecture Playbook.