2.2. Post-quantum cryptography algorithms in OpenSSL


You can use the OpenSSL TLS toolkit to generate keys and certificates with post-quantum algorithms. This helps enhance security against emerging threats while maintaining compatibility with traditional algorithms.

Starting with RHEL 10.1, you can use OpenSSL for generating keys, signing messages, verifying signatures, and creating X.509 certificates with the ML-DSA post-quantum algorithms.

From OpenSSL 3.5, the hybrid ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) method is preferred in TLS 1.3 handshakes. OpenSSL includes keys with both traditional algorithms and ML-KEM. The use of ML-KEM results in a slight delay in the initiation of TLS connections. Still, it does not affect performance after the handshake, as further communication uses a more efficient symmetric key.

Example 2.1. Usage of ML-DSA for keys in OpenSSL

$ openssl genpkey -algorithm mldsa65 -out <mldsa-privatekey.pem>
Create a private key with the ML-DSA-65 algorithm.
$ openssl pkey -in <mldsa-privatekey.pem> -pubout -out <mldsa-publickey.pem>
Derive the public key from the ML-DSA-65 private key.
$ openssl dgst -sign <mldsa-privatekey.pem> -out <signature_message>
Sign a message with the private key.
$ openssl dgst -verify <mldsa-publickey.pem> -signature <signature_message>
Verify the ML-DSA-65 signature with the public key.

Example 2.2. Usage of ML-DSA for certificates in OpenSSL

Because no public certificate authorities (CA) currently support post-quantum signatures, you can use only a local CA or self-signed certificates with ML-DSA signatures. For example:

$ openssl req \
    -x509 \
    -newkey mldsa65 \
    -keyout <localhost-mldsa.key> \
    -subj /CN=<localhost> \
    -addext subjectAltName=DNS:<localhost> \
    -days <30> \
    -nodes \
    -out <localhost-mldsa.crt>

Example 2.3. Establishing a connection with PQC key exchange and PQC certificates

An OpenSSL server and client can establish either a post-quantum connection or a connection that uses only traditional algorithms.

$ openssl s_server \
    -cert <localhost-mldsa.crt> -key <localhost-mldsa.key> \
    -dcert <localhost-rsa.crt> -dkey <localhost-rsa.key> >/dev/null &

$ openssl s_client \
    -connect <localhost:4433> \
    -CAfile <localhost-mldsa.crt> </dev/null \
    |& grep -E '(Peer signature type|Negotiated TLS1.3 group)'
Peer signature type: mldsa65
Negotiated TLS1.3 group: X25519MLKEM768

Example 2.4. Establishing a connection that uses only non-post-quantum cryptographic algorithms

$ openssl s_client \
    -connect <localhost:4433> \
    -CAfile <localhost-rsa.crt> \
    -sigalgs 'rsa_pss_pss_sha256:rsa_pss_rsae_sha256' \
    -groups 'X25519:secp256r1:X448:secp521r1:secp384r1' </dev/null \
    |& grep -E '(Peer signature type|Server Temp Key)'
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits

You can configure a server to simultaneously use traditional certificates (RSA, ECDSA, and EdDSA) and post-quantum certificates. The server automatically and transparently selects the certificates preferred and supported by clients: the post-quantum for new clients and traditional for legacy ones.
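
Because the server selects certificates transparently, it is worth checking what a given client actually negotiated. The following is an added example, not part of the Red Hat documentation: it classifies the s_client output lines shown in the examples above. The function names, the sample input, and the prefix matching on MLKEM and mldsa are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Red Hat code: classify `openssl s_client` output read on
# stdin so that a silent fallback to traditional algorithms is visible.
classify_handshake() {
    sig="" group=""
    while IFS= read -r line; do
        case "$line" in
            "Peer signature type: "*)     sig=${line#*: } ;;
            "Negotiated TLS1.3 group: "*) group=${line#*: } ;;
            "Server Temp Key: "*)
                # Fallback source for the group, e.g. "X25519, 253 bits".
                if [ -z "$group" ]; then group=${line#*: }; group=${group%%,*}; fi ;;
        esac
    done
    # Assumption: any group name containing MLKEM is ML-KEM based, and any
    # signature type starting with mldsa is ML-DSA.
    case "$group" in
        "")                     kex=unknown ;;
        [Mm][Ll][Kk][Ee][Mm]*)  kex=pqc ;;          # pure ML-KEM group
        *[Mm][Ll][Kk][Ee][Mm]*) kex=hybrid ;;       # e.g. X25519MLKEM768
        *)                      kex=traditional ;;
    esac
    case "$sig" in
        "")                     auth=unknown ;;
        [Mm][Ll][Dd][Ss][Aa]*)  auth=pqc ;;
        *)                      auth=traditional ;;
    esac
    printf 'kex=%s(%s) auth=%s(%s)\n' "$kex" "${group:--}" "$auth" "${sig:--}"
}

# Exit status 0 only if key exchange and authentication are both PQC-protected.
require_pqc() {
    case "$(classify_handshake)" in
        kex=hybrid*" auth=pqc"*|kex=pqc*" auth=pqc"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample inputs, reusing the output lines shown above.
PQ_SAMPLE='Peer signature type: mldsa65
Negotiated TLS1.3 group: X25519MLKEM768'
LEGACY_SAMPLE='Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits'

printf '%s\n' "$PQ_SAMPLE"     | classify_handshake
printf '%s\n' "$LEGACY_SAMPLE" | classify_handshake
```

To use it against a live server, pipe the combined standard output and standard error of an s_client command into require_pqc and act on its exit status.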

See the openssl(1), openssl-genpkey(1), openssl-pkey(1), openssl-dgst(1), and openssl-verify(1) man pages on your system for more information.
