Skip to content
QPKI

Standards Compliance

Conformité Standards

Section titled “Conformité Standards”

Ce document présente la conformité de QPKI aux standards cryptographiques et PKI.

Standards Cryptographiques

Section titled “Standards Cryptographiques”

FIPS 203 - ML-KEM (Key Encapsulation)

Section titled “FIPS 203 - ML-KEM (Key Encapsulation)”
ParamètreSupportUsage
ML-KEM-512OuiCMS EnvelopedData
ML-KEM-768OuiCMS EnvelopedData (recommandé)
ML-KEM-1024OuiCMS EnvelopedData

FIPS 204 - ML-DSA (Signatures)

Section titled “FIPS 204 - ML-DSA (Signatures)”
ParamètreSupportUsage
ML-DSA-44OuiSignatures (128-bit)
ML-DSA-65OuiSignatures (recommandé, 192-bit)
ML-DSA-87OuiSignatures (256-bit)

FIPS 205 - SLH-DSA (Stateless Hash-Based Signatures)

Section titled “FIPS 205 - SLH-DSA (Stateless Hash-Based Signatures)”
ParamètreSupportUsage
SLH-DSA-SHA2-128fOuiSignatures rapides
SLH-DSA-SHA2-128sOuiSignatures compactes
SLH-DSA-SHA2-192fOuiSignatures rapides
SLH-DSA-SHA2-192sOuiSignatures compactes
SLH-DSA-SHA2-256fOuiSignatures rapides
SLH-DSA-SHA2-256sOuiSignatures compactes
SLH-DSA-SHAKE-*OuiVariantes SHAKE

Standards PKI

Section titled “Standards PKI”

RFC 5280 - X.509 Certificates

Section titled “RFC 5280 - X.509 Certificates”
FeatureSupportNotes
Certificate v3OuiExtensions standard
CRL v2OuiDelta CRL supporté
Basic ConstraintsOuiCA/End-entity
Key UsageOuidigitalSignature, keyEncipherment, etc.
Extended Key UsageOuiserverAuth, clientAuth, codeSigning, etc.
Subject Alt NameOuiDNS, IP, Email, URI
Authority Key IdentifierOui
Subject Key IdentifierOui
CRL Distribution PointsOui
Authority Information AccessOuiOCSP, CA Issuers

RFC 5652 - CMS (Cryptographic Message Syntax)

Section titled “RFC 5652 - CMS (Cryptographic Message Syntax)”
FeatureSupportNotes
SignedDataOuiEC, RSA, ML-DSA, SLH-DSA
EnvelopedDataOuiRSA, ECDH, ML-KEM
AuthEnvelopedDataOuiAES-GCM
Multiple signersOui
Multiple recipientsOui

RFC 6960 - OCSP

Section titled “RFC 6960 - OCSP”
FeatureSupportNotes
Basic OCSPOuiGET et POST
Nonce extensionOui
Signed responseOuiEC, ML-DSA
Delegated responderOui

RFC 3161 - TSA (Time-Stamp Protocol)

Section titled “RFC 3161 - TSA (Time-Stamp Protocol)”
FeatureSupportNotes
TimeStampReqOui
TimeStampRespOui
AccuracyOuiConfigurable
OrderingOui
NonceOui

Algorithmes Hybrides

Section titled “Algorithmes Hybrides”

Catalyst (ECDSA + ML-DSA)

Section titled “Catalyst (ECDSA + ML-DSA)”

Format propriétaire combinant signatures classiques et post-quantiques.

CombinaisonSupportOID
ECDSA-P256 + ML-DSA-44Oui1.3.6.1.4.1.XXXXX.1.1
ECDSA-P384 + ML-DSA-65Oui1.3.6.1.4.1.XXXXX.1.2
ECDSA-P384 + ML-DSA-87Oui1.3.6.1.4.1.XXXXX.1.3

Composite (IETF draft-ounsworth-pq-composite-sigs)

Section titled “Composite (IETF draft-ounsworth-pq-composite-sigs)”
CombinaisonSupportDraft
ECDSA-P256 + ML-DSA-44Ouidraft-13
ECDSA-P384 + ML-DSA-65Ouidraft-13
Ed25519 + ML-DSA-44Ouidraft-13

Interopérabilité

Section titled “Interopérabilité”
ValidateurVersionStatut
OpenSSL3.6+Partiel (PQC natif, pas Composite)
BouncyCastle1.83+Partiel (draft-07 pour Composite)

Voir TESTS-INTEROP.md pour les détails des tests.

Voir aussi

Section titled “Voir aussi”