Concept atlas

Filter by mastery
The quantum threatWhy classical RSA / ECDSA needreplacement: Shor's algorithm,harvest-now-decrypt-later…ML-DSANIST-standardized post-quantumsignature based on structuredlattice problems (FIPS 204).SLH-DSANIST-standardized post-quantumsignature whose security restsonly on hash-function…ML-KEMNIST-standardized post-quantumKEM (FIPS 203). Used totransport a symmetric key…Hybrid signaturesAny construction that combinesa classical and a PQCsignature for transition.Composite signaturesA migration strategy combininga classical and a PQCsignature in a single unified…Catalyst certificatesA migration strategy thatstores PQC keys and signaturesinside X.509 certificate…CSR vs certificateA CSR is a request; acertificate is a CA-signedbinding of identity to public…Subject public key vssignature algorithmA certificate carries twoindependent algorithms: thesubject's and the issuer's.Trust anchor and chainvalidationTrust is the recursive abilityto verify a chain back to aroot you already trust.CMS SignedDataThe CMS shape that proves whosigned what: a payload plusone or more verifiable signer…CMS EnvelopedDataThe CMS shape that deliversencrypted content to one ormore recipients.KEM + AES-GCM (thetwo-jobs split)CMS encryption is layered: aKEM transports a symmetrickey, and AES-GCM encrypts the…Stateless backend,in-memory demo CAWhy the playground persistsnothing: every request standsalone; the demo CA is loaded…

Foundations

Pure PQC

Hybrid strategies

X.509 / CMS lifecycle

Operational model