<a href="https://colab.research.google.com/github/RajKumarPandey/pqc_dilithium_cert_chain/blob/main/launch_chain_simulation.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# 🚀 PQC Certificate Chain Launcher with Real Dilithium Support
This notebook attempts to use real **Dilithium** keys via `pyoqs`, falling back to EC keys if PQC support isn't available.

> Ensure you're using Google Colab with internet access and sufficient RAM.

In [None]:
# ✅ Step 1: Install Dependencies (Cryptography + PQC Tools)
!pip install cryptography
!pip install pyoqs || echo 'pyoqs unavailable, falling back to EC keys.'

In [None]:
# 🧠 Step 2: Import Utility Functions
import sys
sys.path.append('./src')
from cert_utils import create_placeholder_certificate, build_certificate_chain
try:
    from pyoqs import Signature
    OQS_AVAILABLE = True
except ImportError:
    print("pyoqs not available. Falling back to EC keys.")
    OQS_AVAILABLE = False

In [None]:
# 🔐 Step 3: Generate Keypairs (Dilithium or EC fallback)
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec

def generate_keypair():
    if OQS_AVAILABLE:
        sig = Signature("Dilithium3")
        public_key = sig.generate_keypair()
        return sig, public_key
    else:
        key = ec.generate_private_key(ec.SECP384R1(), default_backend())
        return key, key.public_key()

# Use real or placeholder keys
root_key, root_pub = generate_keypair()
inter_key, inter_pub = generate_keypair()
user_key, user_pub = generate_keypair()

In [None]:
# 🔏 Step 4: Create Placeholder Certificates (Using keys above)
root_cert = create_placeholder_certificate("Root CA", "Root CA", root_key)
inter_cert = create_placeholder_certificate("Intermediate CA", "Root CA", inter_key)
user_cert = create_placeholder_certificate("leaf.com", "Intermediate CA", user_key)

In [None]:
# 💾 Step 5: Save PEM Files
with open("root.pem", "wb") as f:
    f.write(root_cert.public_bytes(serialization.Encoding.PEM))
with open("intermediate.pem", "wb") as f:
    f.write(inter_cert.public_bytes(serialization.Encoding.PEM))
with open("user.pem", "wb") as f:
    f.write(user_cert.public_bytes(serialization.Encoding.PEM))

In [None]:
# 🔗 Step 6: Load and Print Certificate Chain
chain = build_certificate_chain("user.pem", ["intermediate.pem"], "root.pem")
for idx, cert in enumerate(chain):
    print(f"\nCertificate {idx+1}:")
    print(cert.subject)

In [None]:
# Create a dummy cert_utils.py file with placeholder functions
%%writefile src/cert_utils.py
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.backends import default_backend
import datetime

def create_placeholder_certificate(subject_name, issuer_name, private_key):
    """Creates a placeholder X.509 certificate."""
    subject = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, subject_name),
    ])
    issuer = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, issuer_name),
    ])
    builder = x509.CertificateBuilder()
    builder = builder.subject_name(subject)
    builder = builder.issuer_name(issuer)
    builder = builder.public_key(private_key.public_key())
    builder = builder.serial_number(x509.random_serial_number())
    builder = builder.not_valid_before(datetime.datetime.now(datetime.timezone.utc))
    builder = builder.not_valid_after(datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=365))

    certificate = builder.sign(private_key, hashes.SHA256(), default_backend())
    return certificate

def build_certificate_chain(user_cert_path, intermediate_cert_paths, root_cert_path):
    """Builds a certificate chain from PEM files."""
    chain = []
    with open(user_cert_path, "rb") as f:
        chain.append(x509.load_pem_x509_certificate(f.read(), default_backend()))
    for path in intermediate_cert_paths:
        with open(path, "rb") as f:
            chain.append(x509.load_pem_x509_certificate(f.read(), default_backend()))
    with open(root_cert_path, "rb") as f:
        chain.append(x509.load_pem_x509_certificate(f.read(), default_backend()))
    return chain

In [4]:
# Create the src directory
import os
os.makedirs('src', exist_ok=True)