As of right now, SignServer supports the ML-DSA (Dilithium) and SLH-DSA (SPHINCS+) algorithms for CMS and raw signing.
Challenge
Migrating to new quantum-ready cryptography algorithms requires careful evaluation of existing solutions and properly optimizing the environment. As a developer, you must take into consideration:
You can also read more here:
Solution
The reality is that there are still many unanswered questions, and it will take some time before all the pieces fall into place. SignServer and EJBCA offer a seamless solution for quantum-safe signing and signing certificates alongside the existing PKI and signing environment. This ensures a smooth experience with minimal disruption to your current infrastructure. You can begin experimenting with the technology and gradually understand its relevance to your specific environment over time.
Currently, ML-DSA (Dilithium) and SLH-DSA (SPHINCS+) are supported in SignServer for CMS and raw signing.
EJBCA supports the ML-DSA (Dilithium) and FN-DSA (Falcon) algorithms for Root CAs, Issuing CAs, and End entities.
Check out our how-tos and video on:
Please note that the final standard for the selected quantum-safe algorithms is planned to be released by NIST in early 2024. Until then, we recommend not using the algorithms in production environments.
EJBCA is a robust, reliable open-source Certificate Authority software that can be tailored to meet your PKI requirements. Whether you're managing an internal PKI or setting up a PKI for your business application or product, EJBCA has the flexibility and scalability to support your needs.
Bouncy Castle is a popular and widely used cryptographic API that is FIPS-certified and open-source, making it easy for developers to seamlessly integrate cryptography, PKI and signing security into their Java and C# applications.