Lab-02: Full PQC Chain
Lab-02: Full PQC Chain
Section titled “Lab-02: Full PQC Chain”Build a Complete PQC PKI Hierarchy
Section titled “Build a Complete PQC PKI Hierarchy”Key Message: End-to-end PQC chain = same architecture, quantum-safe. The hierarchy doesn’t change — only the algorithms.
The Scenario
Section titled “The Scenario”“I’m ready to go fully quantum-safe. How do I build a complete PQC PKI from root to end-entity?”
This demo shows a production-ready 3-level PKI hierarchy using only post-quantum algorithms. No classical cryptography anywhere in the chain.
For legacy client compatibility, see Lab-03: Hybrid.
┌─────────────────────────────────────────────────────────────────┐│ ││ ROOT CA ││ ════════ ││ ML-DSA-87 ││ (maximum security, 256 bits) ││ │ ││ │ Signs ││ ▼ ││ ISSUING CA ││ ══════════ ││ ML-DSA-65 ││ (daily operations) ││ │ ││ │ Signs ││ ▼ ││ TLS CERTIFICATE ││ ═══════════════ ││ ML-DSA-65 ││ server.example.com ││ │└─────────────────────────────────────────────────────────────────┘What We’ll Do
Section titled “What We’ll Do”- Create a Root CA (ML-DSA-87 - highest security)
- Create an Issuing CA signed by the Root (ML-DSA-65)
- Generate a server key and CSR
- Issue a TLS server certificate
- Examine the complete chain
Run the Demo
Section titled “Run the Demo”./journey/02-full-chain/demo.shThe Commands
Section titled “The Commands”Step 1: Create Root CA (ML-DSA-87)
Section titled “Step 1: Create Root CA (ML-DSA-87)”# Initialize the root CA with highest security levelqpki ca init --profile profiles/pqc-root-ca.yaml \ --var cn="PQC Root CA" \ --ca-dir output/pqc-root-ca
qpki inspect output/pqc-root-ca/ca.crtStep 2: Create Issuing CA (ML-DSA-65)
Section titled “Step 2: Create Issuing CA (ML-DSA-65)”# Create issuing CA signed by rootqpki ca init --profile profiles/pqc-issuing-ca.yaml \ --var cn="PQC Issuing CA" \ --parent output/pqc-root-ca \ --ca-dir output/pqc-issuing-ca
qpki inspect output/pqc-issuing-ca/ca.crtStep 3: Generate Server Key and CSR
Section titled “Step 3: Generate Server Key and CSR”# Generate ML-DSA-65 key and CSRqpki csr gen --algorithm ml-dsa-65 \ --keyout output/server.key \ --cn server.example.com \ --out output/server.csrStep 4: Issue TLS Server Certificate
Section titled “Step 4: Issue TLS Server Certificate”# Issue end-entity certificate from CSRqpki cert issue --ca-dir output/pqc-issuing-ca \ --profile profiles/pqc-tls-server.yaml \ --csr output/server.csr \ --out output/server.crt
qpki inspect output/server.crtTip: For detailed ASN.1 output, use
openssl x509 -in <cert> -text -noout
Size Comparison
Section titled “Size Comparison”| Certificate | Classical (ECDSA) | Full PQC | Ratio |
|---|---|---|---|
| Root CA | ~1 KB | ~7 KB | ~7x |
| Issuing CA | ~1 KB | ~6 KB | ~6x |
| TLS Server | ~1 KB | ~6 KB | ~6x |
| Full chain | ~3 KB | ~19 KB | ~6x |
Approximate sizes. The trade-off: larger certificates for quantum resistance.
Bandwidth impact is usually negligible compared to application payloads.
Algorithm Selection Guide
Section titled “Algorithm Selection Guide”| Use Case | Recommended Algorithm | Why |
|---|---|---|
| Root CA | ML-DSA-87 | Maximum security, long-lived |
| Issuing CA | ML-DSA-65 | Balance security/performance |
| TLS Server | ML-DSA-65 | Server authentication |
| TLS Client | ML-DSA-44 | Constrained devices OK |
| Code Signing | ML-DSA-65 | Long-lived signatures |
When to Use SLH-DSA Instead
Section titled “When to Use SLH-DSA Instead”SLH-DSA (hash-based signatures) is a conservative alternative:
| Algorithm | Pros | Cons |
|---|---|---|
| ML-DSA | Small keys, fast verify | Newer, lattice-based |
| SLH-DSA | Well-understood math | Large signatures (~17-49 KB) |
Use SLH-DSA when:
- Maximum cryptographic conservatism is required
- Signature size is not a constraint
- You want hash-based (no lattice assumptions)
When to Deploy Full PQC
Section titled “When to Deploy Full PQC”| Scenario | Recommendation |
|---|---|
| New internal PKI | Full PQC - Start quantum-safe |
| Public-facing servers | Hybrid (Lab-03) - Legacy client support |
| Government/Military | Full PQC - Regulatory requirements |
| IoT (long-lived) | Full PQC - Future-proof devices |
| Short-lived tokens | Classical OK - Low SNDL risk |
What You Learned
Section titled “What You Learned”- Same workflow: Creating a PQC hierarchy uses identical PKI concepts
- Algorithm stacking: Root uses highest level, decreasing down the chain
- Size trade-off: ~6x larger certificates for quantum resistance
References
Section titled “References”- NIST FIPS 204: ML-DSA Standard
- NIST FIPS 205: SLH-DSA Standard
- NSA CNSA 2.0 Guidelines (PDF)
- NSA CNSA 2.0 Announcement