QPKI Documentation

Welcome to the Post-Quantum PKI documentation. This guide will help you find the right information based on your needs.

| Document | Description |
|----------|-------------|
| Installation | Download binaries, Homebrew, or build from source |
| Quick Start | Create your first CA and certificate in 5 minutes |
| Post-Quantum | PQC algorithms and hybrid certificates |

| Document | Description |
|----------|-------------|
| CA | CA initialization and management |
| Profiles | Certificate profile templates |
| Keys & CSR | Key generation and CSR operations |
| Certificates | Certificate issuance |
| CRL | Revocation lists |

| Document | Description |
|----------|-------------|
| Credentials | Bundled key + certificate lifecycle |

| Document | Description |
|----------|-------------|
| OCSP | Real-time certificate status (RFC 6960) |
| TSA | Timestamping service (RFC 3161) |
| CMS | CMS signatures and encryption (RFC 5652) |
| COSE | CBOR Object Signing (IoT, attestation) |
| SSH | SSH certificate issuance (OpenSSH format) |

| Document | Description |
|----------|-------------|
| HSM | Hardware Security Module integration (PKCS#11) |
| Audit | Audit logging and SIEM integration |

| Document | Description |
|----------|-------------|
| Crypto-Agility | Algorithm migration guide |
| Hybrid | Hybrid certificates |

| Document | Description |
|----------|-------------|
| CLI | Complete command reference |
| Troubleshooting | Common errors and solutions |
| Standards | OIDs and formats |
| PKI Basics | Certificates, keys, CAs, trust chains |
| Glossary | PKI and PQC terminology |

| Document | Description |
|----------|-------------|
| Architecture | System architecture overview |
| Contributing | Contribution guide |
| Testing | Testing guide |
| Interoperability | Interop testing |

| Document | Description |
|----------|-------------|
| Testing Strategy | Testing philosophy and approach |
| Acceptance Tests | 102 acceptance tests |
| Interop Tests | OpenSSL/BouncyCastle validation |
| SSH Tests | OpenSSH certificate validation |
| Compliance | FIPS, RFC standards |

| Standard | Description | Status |
|----------|-------------|--------|
| RFC 5280 | X.509 PKI Certificates | Implemented |
| RFC 6960 | OCSP | Implemented |
| RFC 3161 | TSA Timestamping | Implemented |
| RFC 5652 | CMS Signed Data | Implemented |
| RFC 9883 | ML-KEM in CMS (CSR Attestation) | Implemented |
| FIPS 204 | ML-DSA (Dilithium) | Implemented |
| FIPS 205 | SLH-DSA (SPHINCS+) | Implemented |
| FIPS 203 | ML-KEM (Kyber) | Implemented |
| ITU-T X.509 9.8 | Catalyst Hybrid Certificates | Implemented |
| IETF draft-13 | Composite Signatures | Implemented |
| PROTOCOL.certkeys | OpenSSH Certificate Format | Implemented |
| PROTOCOL.krl | OpenSSH Key Revocation List | Implemented |

```
docs/
├── README.md                    ← You are here
├── getting-started/             # Getting Started
│   ├── INSTALLATION.md          Installation guide
│   ├── POST-QUANTUM.md          PQC & hybrid certificates
│   └── QUICK-START.md           Quick start guide
├── core-pki/                    # Core PKI
│   ├── CA.md                    CA, certificates, CRL
│   ├── CERTIFICATES.md          Certificate issuance
│   ├── CRL.md                   Revocation lists
│   ├── KEYS.md                  Key generation, CSR
│   └── PROFILES.md              Certificate templates
├── end-entities/                # End Entities
│   └── CREDENTIALS.md           Credential lifecycle
├── services/                    # Services
│   ├── OCSP.md                  Real-time revocation
│   ├── TSA.md                   Timestamping
│   ├── CMS.md                   Signatures & encryption
│   ├── COSE.md                  CBOR Object Signing
│   └── SSH.md                   SSH certificates
├── operations/                  # Operations
│   ├── HSM.md                   PKCS#11 integration
│   └── AUDIT.md                 Audit logging
├── migration/                   # Migration
│   ├── CRYPTO-AGILITY.md        Algorithm migration
│   └── HYBRID.md                Hybrid certificates
├── reference/                   # Reference
│   ├── CLI.md                   Command reference
│   ├── PKI-BASICS.md            PKI fundamentals
│   ├── STANDARDS.md             OIDs and formats
│   ├── TROUBLESHOOTING.md       Common errors
│   └── GLOSSARY.md              Terminology
├── dev/                         # Development
│   ├── ARCHITECTURE.md          System architecture
│   ├── CONTRIBUTING.md          Contribution guide
│   ├── TESTING.md               Testing guide
│   └── INTEROPERABILITY.md      Interop testing
└── quality/                     # Quality Assurance
    ├── STRATEGY.md              Test philosophy
    ├── TESTS-ACCEPTANCE.md      102 acceptance tests
    ├── TESTS-INTEROP.md         OpenSSL/BC validation
    ├── TESTS-SSH.md             OpenSSH certificate validation
    └── COMPLIANCE.md            FIPS/RFC standards
```