X.509 certificates containing hybrid and post-quantum public keys and signatures can be generated using our fork of OpenSSL 1.1.1 or using standard OpenSSL3 by with oqsprovider by way of the common openssl ‘x509’ commands specifying post-quantum algorithm names as listed here.

For a full walk-through on generating post-quantum X.509 certificates, see the OQS-Provider USAGE section “Creating keys and certificates”.

The easiest way to execute post-quantum X509 operations using OpenSSL (v3) functions is by using the pre-built curl Docker image at Docker hub.

For X.509 interoperability testing, the use of oqsprovider using the pre-built docker image is recommended, making use of the dynamic ID adaptation capabilities during testing.

Copyright © Open Quantum Safe a Series of LF Projects, LLC.
For website terms of use, trademark policy, and other project policies, please see https://lfprojects.org.
This site uses Just the Docs, a documentation theme for Jekyll. Background image by Rick Doble.