QPKI
Issue certificates that quantum computers can't break.
Single binary. No system dependencies. FIPS 203/204/205 compliant.
Quantum is coming. Are you ready?
NIST has finalized post-quantum standards. Governments target 2030 for migration.
The Deadline
NIST, NSA, and major governments target 2030 for post-quantum migration. RSA-2048 and ECC will be deprecated.
Harvest Now, Decrypt Later
Adversaries are already collecting encrypted data. When quantum computers arrive, they'll decrypt everything.
Standards Are Ready
NIST finalized FIPS 203, 204, 205 in 2024. The algorithms exist. The tools exist. Time to act.
Your Entire PKI Stack
Everything you need to issue, manage, and verify quantum-safe X.509 certificates.
Built for the Quantum Era
What makes QPKI different.
Post-Quantum Ready
PQC via Cloudflare CIRCL. ML-DSA for signatures, ML-KEM for key encapsulation, SLH-DSA for hash-based signatures. PQ & hybrid certificates cross-tested with OpenSSL and BouncyCastle.
Explore post-quantum algorithms →
# Generate ML-DSA key pair
$ qpki key generate \
--algorithm ml-dsa-65 \
--out root-ca.key
✓ ML-DSA-65 key pair generated
Hybrid Certificates
Dual-algorithm certificates combine classical with post-quantum algorithms. Two hybrid strategies: Catalyst for gradual migration and Composite for full dual-algorithm binding. Deploy hybrid TLS/mTLS for your servers, APIs, and IoT. Backward compatible with existing infrastructure while quantum-safe.
Hybrid certificate formats →
# Generate hybrid CSR (Catalyst mode)
$ qpki csr gen \
--algorithm ecdsa-p256 \
--hybrid ml-dsa-65 \
--cn "api.example.com"
✓ Hybrid CSR generated
# Issue from hybrid CSR
$ qpki cert issue \
--profile hybrid/catalyst/tls-server \
--csr hybrid.csr
✓ Hybrid certificate issued
Crypto-Agile by Design
Each credential bundles multiple certificates — classical and post-quantum — with a coupled lifecycle. Enroll today, rotate to new algorithms tomorrow. Declarative profiles make migration a one-line operation.
Crypto-agility migration guide →
# Enroll with classical crypto
$ qpki credential enroll api-server \
--profile ec/tls-server ...
✓ Credential enrolled · ECDSA-P256
# Rotate to post-quantum
$ qpki credential rotate api-server \
--profile ml/tls-server
✓ Rotated to ML-DSA-65
HSM Ready
PKCS#11 integration for hardware security modules. Keep private keys in tamper-resistant hardware. Works with air-gapped and FIPS-validated environments.
HSM integration guide →
# Initialize CA with HSM-backed keys
$ qpki ca init \
--profile ml/root-ca \
--hsm-config hsm.yaml \
--key-label "pq-root-ca"
✓ Root CA created · key stored in HSM
Document Signing
CMS signatures with ML-DSA produce detached .p7s proofs that travel alongside any file — contracts, invoices, firmware. Classical signatures can be forged retroactively once quantum computers arrive; ML-DSA signatures remain unforgeable. Verify in one command, no proprietary tooling required.
# Sign document with ML-DSA
$ qpki cms sign \
--data contract.pdf \
--credential signer \
--out contract.p7s
✓ Signed with ML-DSA-65 (detached)
# Verify signature
$ qpki cms verify contract.p7s \
--data contract.pdf --ca ca.crt
✓ Valid · ML-DSA-65
Data Encryption
CMS encryption with ML-KEM key encapsulation. Protect sensitive data at rest and in transit against future quantum decryption. RFC 9880 (ML-KEM in CMS) and RFC 9883 attestation for KEM enrollment.
CMS encryption with ML-KEM →
# Encrypt document with ML-KEM
$ qpki cms encrypt \
--recipient alice-ml-kem.crt \
--in report.pdf \
--out report.pdf.p7m
✓ Encrypted with ML-KEM-768
Quantum-Proof Timestamps
RFC 3161 timestamping with ML-DSA. Classical timestamps can be forged once quantum computers break their signatures — PQC timestamps remain unforgeable against quantum attacks. Built-in HTTP server for production deployment.
RFC 3161 timestamping docs →
# Timestamp a document with ML-DSA
$ qpki tsa sign \
--data contract.pdf \
--credential tsa \
--out contract.tsr
✓ Timestamped with ML-DSA-65
# Verify timestamp
$ qpki tsa verify --token contract.tsr \
--data contract.pdf --ca ca.crt
✓ Valid · 2026-03-17T14:30:00Z
Secure Tokens
COSE/CWT tokens signed with ML-DSA for identity, access control, and device attestation. Compact binary format ideal for IoT and constrained environments. Hybrid mode ensures backward compatibility with existing infrastructure.
COSE/CWT token guide →
# Issue PQ auth token (CWT)
$ qpki cose sign \
--cert auth-server.crt \
--key auth-server.key \
--iss "https://auth.example.com" \
--sub "user@example.com" \
--exp 1h \
-o auth-token.cbor
✓ CWT signed with ML-DSA-65
3 Commands. 1 Hybrid CA.
From zero to backward-compatible, quantum-safe certificates in under a minute.
Hands-On Post-Quantum Labs
11 hands-on labs for security teams. From quantum threat awareness to crypto-agile migration. Quick path in 20 minutes.