Enregistré dans:
Détails bibliographiques
Auteurs principaux: Ricchizzi, Nino, Schwinne, Christian, Pelzl, Jan
Format: Preprint
Publié: 2025
Sujets:
Accès en ligne:https://arxiv.org/abs/2505.04333
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866915276207947776
author Ricchizzi, Nino
Schwinne, Christian
Pelzl, Jan
author_facet Ricchizzi, Nino
Schwinne, Christian
Pelzl, Jan
contents The transition to post-quantum cryptography (PQC) presents significant challenges for certificate-based identity management in industrial environments, where secure onboarding of devices relies on long-lived and interoperable credentials. This work analyzes the integration of PQC into X.509 certificate structures and compares existing tool support for classical, hybrid, composite, and chameleon certificates. A gap is identified in available open-source solutions, particularly for the generation and validation of hybrid and composite certificates via command-line interfaces. To address this, a proof-of-concept implementation based on the Bouncy Castle library is developed. The tool supports the creation of classical, hybrid (Catalyst), composite, and partially chameleon certificates using PQC algorithms such as ML-DSA and SLH-DSA. It demonstrates compatibility with standard X.509 workflows and aims to support headless operation and constrained platforms typical of industrial systems. The implementation is modular, publicly available, and intended to facilitate further research and testing of PQC migration strategies in practice. A comparison with OpenSSL-based solutions highlights current limitations in standardization, toolchain support, and algorithm coverage.
format Preprint
id arxiv_https___arxiv_org_abs_2505_04333
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Applied Post Quantum Cryptography: A Practical Approach for Generating Certificates in Industrial Environments
Ricchizzi, Nino
Schwinne, Christian
Pelzl, Jan
Cryptography and Security
The transition to post-quantum cryptography (PQC) presents significant challenges for certificate-based identity management in industrial environments, where secure onboarding of devices relies on long-lived and interoperable credentials. This work analyzes the integration of PQC into X.509 certificate structures and compares existing tool support for classical, hybrid, composite, and chameleon certificates. A gap is identified in available open-source solutions, particularly for the generation and validation of hybrid and composite certificates via command-line interfaces. To address this, a proof-of-concept implementation based on the Bouncy Castle library is developed. The tool supports the creation of classical, hybrid (Catalyst), composite, and partially chameleon certificates using PQC algorithms such as ML-DSA and SLH-DSA. It demonstrates compatibility with standard X.509 workflows and aims to support headless operation and constrained platforms typical of industrial systems. The implementation is modular, publicly available, and intended to facilitate further research and testing of PQC migration strategies in practice. A comparison with OpenSSL-based solutions highlights current limitations in standardization, toolchain support, and algorithm coverage.
title Applied Post Quantum Cryptography: A Practical Approach for Generating Certificates in Industrial Environments
topic Cryptography and Security
url https://arxiv.org/abs/2505.04333