1. Home
  2. /
  3. Use cases
  4. /
  5. Quantum-ready code signing

Quantum-ready code signing

As of right now, SignServer supports ML_DSA (Dilithium) and SLH-DSA (SPHINCS+) algorithms for CMS and raw signing.

hero-sub-2-white

Challenge

Considerations for Migrating to New Algorithms and Ensuring Compatibility

Migrating to new quantum-ready cryptography algorithms requires careful evaluation of existing solutions and properly optimizing the environment. As a developer, you must take into consideration:

  • Which algorithms have broad compatibility
  • Use case-specific requirements
  • The benefits and complexities of hybrid certificates
  • How to operationalize (i.e system architecture, infrastructure needs, HSM support, and protocol compatibility
  • Which legacy systems may need “isolation” and be front-ended with enhanced security

You can also read more here:

Get ready for Quantum-ready Cryptography

arrow

Solution

Seamless support for Quantum-ready PKI and signing

The reality is that there are still many unanswered questions, and it will take some time before all the pieces fall into place. SignServer and EJBCA offer a seamless solution for quantum-safe signing and signing certificates alongside the existing PKI and signing environment. This ensures a smooth experience with minimal disruption to your current infrastructure. You can begin experimenting with the technology and gradually understand its relevance to your specific environment over time.

Currently, ML-DSA (Dilithium) and SHL-DSA (SPHINCS+) are supported in SignServer for CMS and raw signing.

EJBCA supports ML-DSA (Dilithium) and NL-DSA (Falcon) algorithms for Root CAs, Issuing CAs, and End entities. 

Check out our how-tos and video on:

  • Issue ML-DSA code signing certificate with EJBCA and sign code in SignServer
  • Create a hybrid certificate using the Bouncy Castle Kotlin project

Please note, that the final standard for the selected quantum-safe algorithms is planned to be released by NIST in early 2024. Until then, we recommend not to use the algorithms in production environments. 

Tutorials

SignServer logo thumbnail
Code signing
Post-quantum
2023-07-04

ML-DSA (Dilithium) Signing Certificate and Signing in SignServer

Home / Use cases / ML-DSA (Dilithium) Signing Certificate and Signing in SignServer ML-DSA (Dilithium) signing certificate and code signing in SignServer Set up your first quantum-ready PKI. Creat...
Read more
ML-DSA

Get inspired

Stay up-to-date on the latest SignServer news and updates through our news feed. From product releases to the newest tutorial videos and guides, our feed provides the latest information on all things related to SignServer. Don't miss out on our upcoming events, live or online, designed to provide valuable knowledge and hands-on experiences. Join our community and stay in the know with SignServer.

EJBCA Signserver
DevOps
Industrial Cybersecurity & IoT
Installation & Deployment
Signing
Tech Update
Signserver
29 September, 2023

Securing OpenPGP and Debian Packages with Code Signing

This Tech Update, initially published in early 2023, has exciting additional...
Read more
Community_Tech_Meetup_Prof1
DevOps
Implementing Cryptography
Industrial Cybersecurity & IoT
Installation & Deployment
Post-Quantum Cryptography
Signing
Blog
Ejbca
Signserver
20 September, 2023

Unveiling the highlights of the Keyfactor Community Tech Meetup 2023

What a remarkable day it was at the Keyfactor Community Tech Meetup 2023, on...
Read more
Bouncy Castle
Implementing Cryptography
Post-Quantum Cryptography
Release
Ejbca
Signserver
9 August, 2023

Unveiling the Latest Tech Tweaks in Bouncy Castle Cryptographic APIs

After a flurry of updates since our last Tech Update, BC 1.76 is now availabl...
Read more

More inspiration

Related open-source projects

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At PrimeKey Solutions AB, corp. ID no. 556628-3064, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.
Close