Hands-On Quantum-Safe PKI: A Practical Post-Quantum Cryptography Implementation Guide
Is your Public Key Infrastructure quantum-ready?
Remember waaay back when we built the PQC CNSA 2.0 Implementation guide in October 2025? So long ago! Due to popular request, we've expanded the lab to cover the more widely needed NIST FIPS 203/204/205 quantum standards. The GitHub lab guide below will still walk you through building a quantum-resistant certificate authority using OpenSSL, but we've made some fun adjustments to reflect more real-world scenarios. This guide currently covers:
- Building a quantum-safe certificate authority for FIPS 203/204/205 use cases
- Building a quantum-safe certificate authority for CNSA 2.0 use cases
- OpenSSL 3.5 parallel install for PQC-specific use cases
- OpenSSL 3.x + OQS library installation when you cannot update to 3.5.x.
Why learn and implement post-quantum cryptography (PQC) now?
While quantum computing is a fascinating area of science, all technological advancements can be misused. Nefarious people and nation-states are extracting encrypted data to decrypt at a later date when quantum computers become available, a practice you better know by now called "harvest now, decrypt later."
Close your post-quantum cryptographic knowledge gap so you can get secured sooner and reduce the impact(s) that might not surface until later. Ignorance is not bliss when it comes to cryptography and regulatory fines, so let's get started. The GitHub lab provides step-by-step instructions to create:
- Quantum-resistant Root CA using ML-DSA-87 (FIPS and CNSA 2.0)
- Algorithm flexibility based on your compliance needs
- Quantum-safe server and client certificates
- OCSP and CRL revocation for quantum-resistant certificates
Access the Complete Lab Guide on GitHub →
At A Glance: OpenSSL Quantum-Resistant CA Learning Paths
This repository currently offers two learning tracks. Select the path that aligns with your organization's requirements:
| | FIPS 203/204/205 Path | CNSA 2.0 Path |
|---|---|---|
| Target Audience | Commercial organizations, compliance needs | Government contractors, classified systems |
| Compliance Standard | NIST Quantum Safe FIPS standards | NSA Commercial National Security Algorithm Suite 2.0 |
| Algorithm Flexibility | Full FIPS algorithm suites (ML-DSA-44/65/87, SLH-DSA) | Restricted to CNSA 2.0 approved (ML-DSA-65/87 only) |
| Use Case | General quantum-resistant infrastructure | National security systems, defense contracts |
What This Lab Guide Achieves
Complete PKI Hierarchy Implementation
The lab walks through building an internal PKI infrastructure from scratch, including:
- Root Certificate Authority: Uses ML-DSA-87, which provides the highest quantum-ready NIST security level
- Intermediate Certificate Authority: Uses ML-DSA-65 for operational certificate issuance
- End-Entity Certificates: Server and user certificates with comprehensive Subject Alternative Names (SANs) for real-world applications
- Revocation Infrastructure: Both Certificate Revocation Lists (CRL) and Online Certificate Status Protocol (OCSP) implementation
- Security Best Practices: Restrictive Unix file permissions, secure key storage, and backup procedures throughout; these are the preferred practices for lab and internal testing scenarios
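
The hierarchy described above, condensed into one script as an added example (it is not taken from the GitHub lab). It assumes OpenSSL 3.5 with its native `ML-DSA-87` and `ML-DSA-65` algorithm names; the subject names, SAN values, lifetimes, file names and the choice of ML-DSA-65 for the server key are constructed lab values.

```shell
#!/bin/sh
# Added example (constructed names and lifetimes). Targets OpenSSL 3.5 native
# algorithm names; an OQS-provider build may spell them differently.
has_mldsa() {
  openssl list -signature-algorithms 2>/dev/null | grep -q 'ML-DSA-87'
}

# build_chain DIR: 0 = chain built and verified, 2 = no ML-DSA support, 1 = error
build_chain() (
  has_mldsa || exit 2
  d=$1
  umask 077                      # keys and working files are owner-only
  mkdir -p "$d" || exit 1
  cat > "$d/pki.cnf" <<'EOF' || exit 1
[req]
distinguished_name = dn
[dn]
[v3_root]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_int]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[v3_srv]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.lab.example, IP:192.0.2.10, email:pki@lab.example, URI:https://www.lab.example/
EOF
  # Root CA: ML-DSA-87, self-signed
  openssl genpkey -algorithm ML-DSA-87 -out "$d/root.key" || exit 1
  openssl req -x509 -new -config "$d/pki.cnf" -extensions v3_root -key "$d/root.key" \
    -subj "/CN=Lab PQC Root CA" -days 3650 -out "$d/root.crt" || exit 1
  # Intermediate CA: ML-DSA-65 key, certificate signed by the root
  openssl genpkey -algorithm ML-DSA-65 -out "$d/int.key" || exit 1
  openssl req -new -config "$d/pki.cnf" -key "$d/int.key" \
    -subj "/CN=Lab PQC Intermediate CA" -out "$d/int.csr" || exit 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -extfile "$d/pki.cnf" -extensions v3_int -days 1825 -out "$d/int.crt" || exit 1
  # Server certificate: ML-DSA-65 key, signed by the intermediate, SANs from v3_srv
  openssl genpkey -algorithm ML-DSA-65 -out "$d/server.key" || exit 1
  openssl req -new -config "$d/pki.cnf" -key "$d/server.key" \
    -subj "/CN=www.lab.example" -out "$d/server.csr" || exit 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -extfile "$d/pki.cnf" -extensions v3_srv -days 90 -out "$d/server.crt" || exit 1
  # Validate the full path root -> intermediate -> server
  openssl verify -CAfile "$d/root.crt" -untrusted "$d/int.crt" "$d/server.crt"
)
if [ $# -gt 0 ]; then build_chain "$1"; fi
```

Run it with an output directory as the only argument; an exit status of 2 means the local `openssl` does not list ML-DSA and nothing was written.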
Key Takeaways
After completing one or more of the labs, you will:
- Understand Quantum Threats: Grasp why current RSA/ECDSA cryptography is vulnerable and how quantum-resistant algorithms provide protection
- Master ML-DSA Cryptography: Gain hands-on experience with both ML-DSA-65 (Level 3 security) and ML-DSA-87 (Level 5 security) algorithms
- Configure Modern PKI Features: Implement SANs with DNS, IP, email, and URI entries, plus both CRL and OCSP revocation mechanisms
- Troubleshoot Effectively: Learn to diagnose and resolve common issues with quantum-resistant certificates
- Prepare for Migration: Understand the practical steps needed to transition existing PKI infrastructure to quantum-resistant algorithms
Who Should Read This Guide
- Enterprise Security Teams migrating to quantum-resistant algorithms
- Government Contractors requiring CNSA 2.0 compliance for classified systems
- Financial Institutions protecting long-term transaction records from quantum threats
- Healthcare Organizations securing patient data with regulatory requirements
- Cloud Service Providers implementing quantum-safe infrastructure for customers
- PKI Consultants preparing for post-quantum migration projects
- DevOps Engineers building quantum-ready CI/CD certificate pipelines
- Crossfit Trainers Find something interesting for once to yell at random intervals to anyone within earshot
About This Guide
We built the first guide for NSA Suite B in the distant past (2017) to learn ECC and modern cipher requirements. We built a more recent second guide for CNSA 2.0, but it's quite specific to US federal audiences. That led us to build a NIST FIPS PQC guide, which should apply to more practical use cases.
In the spirit of Learn Python the Hard Way, it focuses on manual repetition, hands-on interactions and real-world scenarios. It provides the practical experiences needed to implement quantum-resistant PKI in production environments.
By building it on GitHub, other PKI fans can help where we may have missed something; or simply to expand on it with additional modules or forks. Have at it!
Frequently Asked Questions (FAQs)
Q: What is CNSA 2.0?
A: CNSA 2.0 (Commercial National Security Algorithm Suite 2.0) is the NSA's updated cryptographic standard requiring quantum-resistant algorithms.
Q: When do I need to implement quantum-resistant cryptography?
A: The NSA and NIST mandate CNSA 2.0 and FIPS 20X implementation by 2030. Organizations should begin now due to "harvest now, decrypt later" attacks where adversaries collect encrypted data today for future quantum decryption.
Q: What is ML-DSA (Dilithium)?
A: ML-DSA (Module-Lattice Digital Signature Algorithm), formerly known as Dilithium, is a NIST-standardized quantum-resistant digital signature algorithm specified in FIPS 204, available in OpenSSL through the OQS provider.
Q: What is ML-KEM (Kyber)?
A: Kyber is an IND-CCA2-secure key encapsulation mechanism (KEM), whose security is based on the hardness of solving the learning-with-errors (LWE) problem over module lattices. Kyber-512 aims at security roughly equivalent to AES-128, Kyber-768 aims at security roughly equivalent to AES-192, and Kyber-1024 aims at security roughly equivalent to AES-256. But quantumy (it's a word).
Q: Is this guide suitable for production use?
A: NOPE. While the guide teaches production-ready techniques and CNSA 2.0 compliance, always use Hardware Security Modules (HSMs) and air-gapped systems for production Root CAs (cold storage too). The lab is great for internal environments or test harnesses where you may need to test against new quantum-resistant signatures and such. ALWAYS rely on trusted public PKI infrastructure for production cryptography.
Reference Links
- NIST Post-Quantum Cryptography Standards - Official NIST PQC project page with FIPS 204 (ML-DSA) specifications
- NSA CNSA 2.0 Algorithm Requirements - NSA's official CNSA 2.0 announcement and requirements
- Open Quantum Safe Project - Home of the OQS provider enabling quantum-resistant algorithms in OpenSSL
- OQS Provider for OpenSSL 3 - GitHub repository for the OQS provider with installation instructions
- RFC 5280: Internet X.509 PKI - Essential standard for X.509 certificate and CRL profiles
- OpenSSL 3.0 Documentation - Comprehensive OpenSSL documentation for understanding commands and options
- FIPS 204: ML-DSA Standard - The official Module-Lattice-Based Digital Signature Standard