wonkybream/quantum-safe-ca

Quantum Safe CA

Experiments with quantum-safe algorithms and X.509 certificates.

Dependencies:

Install oqs-provider according to its documentation and enable it globally in your OpenSSL configuration.

The provider list should then look something like the following:

openssl list -providers
# Providers:
#   default
#     name: OpenSSL Default Provider
#     version: 3.4.0
#     status: active
#   oqsprovider
#     name: OpenSSL OQS Provider
#     version: 0.7.1-dev
#     status: active
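
A preflight check for the provider setup described above, as an added example that is not part of this repository: it parses `openssl list -providers` output and succeeds only if the named provider is listed as active. The function names and both sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example (not the project's code): verify that an OpenSSL provider
# is loaded and active before generating quantum-safe certificates.

# provider_status NAME
# Reads `openssl list -providers` output on stdin and prints the value of
# the "status:" field for provider NAME. Returns 1 if NAME is not listed.
provider_status() {
    awk -v want="$1" '
        # A provider entry is a single bare word; field lines start with "key:".
        NF == 1 && $1 !~ /:$/           { current = $1; next }
        $1 == "status:" && current == want { print $2; found = 1; exit }
        END { exit found ? 0 : 1 }
    '
}

# require_provider NAME
# Succeeds only when NAME is listed with status "active"; explains why otherwise.
require_provider() {
    qs_status=$(provider_status "$1") || {
        echo "provider '$1' is not loaded; check the OpenSSL configuration" >&2
        return 1
    }
    [ "$qs_status" = "active" ] || {
        echo "provider '$1' is listed but its status is '$qs_status'" >&2
        return 1
    }
}

# Constructed sample: both providers loaded, as in the listing above.
SAMPLE_OK='Providers:
  default
    name: OpenSSL Default Provider
    version: 3.4.0
    status: active
  oqsprovider
    name: OpenSSL OQS Provider
    version: 0.7.1-dev
    status: active'

# Constructed sample: oqsprovider missing from the configuration.
SAMPLE_DEFAULT_ONLY='Providers:
  default
    name: OpenSSL Default Provider
    version: 3.4.0
    status: active'

# Live use: openssl list -providers | require_provider oqsprovider
printf '%s\n' "$SAMPLE_OK" | require_provider oqsprovider && echo "oqsprovider active"
```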

Usage

There are a few different ways to use this tool: a few scripts for playing around with certificates, and the EST server, which tries to be somewhat RFC 7030 compliant.

Creating CA

Creates a certificate chain with two intermediate certificates, A and B. This also serves as a test of whether you have set up the oqsprovider correctly.

# Using classical algorithm
./scripts/full_ca.sh ed25519

# Using quantum-safe algorithm
./scripts/full_ca.sh dilithium3

EST server

Two folders need to be created under the resources/ folder: one for the server certificate chain (server_chain) and one for the IoT certificate chain (iot_chain). You can use the full_ca.sh script for that.

fastapi dev qsca/main.py