1. Home
  2. /
  3. Resources
  4. /
  5. #KEYMASTER: Can PKCS#10 Handle Post-Quantum Certificates?

#KEYMASTER: Can PKCS#10 Handle Post-Quantum Certificates?

hero-sub-3
PKI hierarchies - 1, 2, 3 tiers ?

2025-11-18

In this Keymaster session, Sven Rajala, International PKI Man of Mystery, sits down with David Hook, VP of Software Engineering for Bouncy Castle, to discuss one of the most technical challenges emerging in post-quantum PKI: how to request and issue encryption certificates with modern post-quantum algorithms like ML-KEM (the post-quantum algorithm for key encapsulation mechanisms).

The discussion begins with the limitations of PKCS#10, the long-standing standard for certificate requests. While PKCS#10 works well for traditional algorithms like RSA and ECC, which can both sign, it is not suitable for newer algorithms like ML-KEM that cannot generate signatures. This design assumption in PKCS#10 creates a major barrier to adopting post-quantum cryptography in some PKI workflows.

Watch video on YouTube

David explains that historically, the industry has relied on CRMF (Certificate Request Message Format) to handle proof of possession (PoP) when the key can not sign. Two established CRMF approaches are:

  1. Encrypted Certificate – The Certificate Authority (CA) sends back an encrypted certificate, and the requester proves possession by decrypting it and returning a hash.
  2. Challenge-Response – The CA sends a challenge, and the requester proves possession by decrypting and responding correctly.

Both methods are supported in Bouncy Castle Java 1.83 and later.

The conversation then turns to the newly published RFC 9883, introducing a Private Key Possession Attribute that extends PKCS#10 to support post-quantum use cases. This allows a PKCS#10 request to include an ML-KEM (encryption) key, where the private key possession is asserted by a signature using a previously issued ML-DSA certificate. This enables the issuance of ML-KEM certificates without changing existing protocols if the new attribute is properly recognized.

The RFC offers a future-proof way to handle post-quantum certificates in standard workflows like CMP, EST, and ACME, enabling interoperability across traditional and PQC environments.

Key takeaways

  • PKCS#10 Limitations: It relies on signature-based proof of possession, incompatible with ML-KEM and other encryption-only algorithms.
  • CRMF Solutions: Encrypted Certificate and Challenge-Response methods enable proof of possession without signatures. Both are now available in Bouncy Castle.
  • RFC 9883 Innovation: Introduces a Private Key Possession Attribute to extend PKCS#10 for post-quantum use cases.
  • Hybrid Certificate Support: Combines ML-DSA (signing) and ML-KEM (encryption) keys in a single workflow, bridging classic and PQC ecosystems.
  • Bouncy Castle Roadmap: Both methods are supported in Bouncy Castle version 1.83 and later.

Learn more

Related resources

PKI hierarchies - 1, 2, 3 tiers ?
Implementing Cryptography
Industrial Cybersecurity & IoT
Tech Update
Ejbca
Signserver
11 November, 2025

#KEYMASTER: Agentic AI Risks and The Role of Identity

In this episode of #KEYMASTERs, Sven Rajala, International PKI Man of Mystery...
Read more
PKI hierarchies - 1, 2, 3 tiers ?
DevOps
Implementing Cryptography
Post-Quantum Cryptography
Tech Update
Ejbca
Signserver
28 October, 2025

#KEYMASTER: From SBOMs to CBOMs – Why Software Producers Must Map Their Crypto Assets

In this #KEYMASTER session, Sven Rajala, International PKI Man of Mystery, an...
Read more

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At PrimeKey Solutions AB, corp. ID no. 556628-3064, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Check to consent to the use of Necessary cookies
Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Check to consent to the use of Functional cookies
Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

Check to consent to the use of Cookies for statistics
For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

Check to consent to the use of Cookies for ad-tracking
To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.

Ad measurement user cookies

Check to consent to the use of Ad measurement user cookies
In order to show relevant ads we place cookies to tailor ads for you

Personalized ads cookies

Check to consent to the use of Personalized ads cookies
To show relevant and personal ads we place cookies to provide unique offers that are tailored to your user data
Close