X.509 compliant hybrid certificates
Large quantum computers could break almost all public-key algorithms currently used, e.g., RSA and elliptic curve cryptography. As the construction of large quantum computers is approaching, it is important to begin the transition to post-quantum cryptography today, to ensure uninterrupted cryptographic security.
With this project we provide an X.509 standard compliant Java implementation of hybrid certificates, which enable the parallel usage of two independent cryptographic schemes within public key infrastructures and related applications. This enables a stepwise transition to post-quantum secure and hybrid algorithms.
The target audience of this software are cryptographers as well as IT security experts and practitioners aiming at a smooth and secure transition to post-quantum cryptography at an early stage. Hybrid certificates support first uses and experiments with post-quantum secure and hybrid algorithms in (parts of) real-life applications and systems without the risk of incompatibility problems due to unforeseen dependencies.
Further reading and alternative implementation
For a more detailed description and further references please refer to the short paper.
Additional technical details such as definition of extensions, certificate structure, OIDs, certificate generation, and path validation procedures can be found in the technical documentation.
We provide a fully compatible C implementation of hybrid certificates which can be found here: https://github.com/CROSSINGTUD/openssl-hybrid-certificates
A local gradle wrapper is provided and supports the following tasks:
gradlew jarpackages the library into a
.jarfile which can be added to another project. You also need to add the two
.jarfiles in the
libs/directory to this project.
gradlew javadoccreates the JavaDoc for the library
gradlew testruns the tests
Unit tests showing multiple usage examples can be found in
The API documentation is provided as Javadoc.
You can use gradle to generate the HTML Javadoc files:
If you want to contribute, report issues or have questions you can use the issue tracker of this repository. Alternatively please contact Johannes Braun (firstname.lastname@example.org)