Integrating PQC with CA software
A popular alternative to complex Certificate Authority (CA) software (such as EJBCA) is OpenSSL’s CA functionality. This lightweight solution uses digital signature key pairs to sign root and intermediate authority certificates, and either digital signature or public key encryption key pairs for end-user certificates. A software implementation of PQC would need to integrate post-quantum digital signature schemes.
PQSDK
PQSDK is designed to integrate post-quantum digital signature schemes into OpenSSL’s X.509 library. This enables end users to generate certificates and build their own quantum-safe public key infrastructure (PKI). PQSDK supports the use of custom OIDs to enable users to incorporate these algorithms into their own PEN prefix.
