QertumPost-Quantum Security
v1.0 — FIPS 203 / 204 / 205 ready

Cryptography that
survives the quantum leap

Qertum is the open-source, crypto-agile Certificate Authority for the post-quantum era. Issue ML-DSA, SLH-DSA andhybrid X.509 certificates — with ACME automation, OCSP, CRLs and HSM-backed keys. No vendor lock-in.

Apache-2.0 licensed/Self-hostable/Crypto-agile core
qertum — bash
# Spin up a post-quantum root CA in seconds
$ qertum init --profile root --algorithm ml-dsa-87

   Generated ML-DSA-87 root key  (HSM slot 0)
   Self-signed root certificate  valid 20y
   OCSP responder + CRL distribution online

$ qertum issue --cn api.qertum.com --hybrid ml-dsa-65+ecdsa-p256

   Hybrid leaf certificate issued  → ./api.pem
The quantum threat

“Harvest now,
decrypt later”
isn't hypothetical.

Adversaries are recording encrypted data today to decrypt it the moment a cryptographically-relevant quantum computer arrives. Every certificate signed with RSA or ECC has an expiry date dictated by quantum progress — not by your policy.

Qertum lets you migrate on your own timeline: classical, hybrid and pure post-quantum certificates from a single crypto-agile authority, so your chain of trust outlives the cryptography it started with.

Explore capabilities
2025

NIST deadline to deprecate classical RSA/ECC public-key cryptography

Today

Encrypted traffic is already being harvested for future decryption

0%

Migration coverage — classical, hybrid and pure post-quantum, side by side

Capabilities

A complete CA, ready for what's next

Everything you expect from a production certificate authority — plus the post-quantum primitives standardized by NIST.

Crypto-agile at the core

Swap, combine and roll signature algorithms without re-architecting your PKI. Algorithm choices are policy, not concrete — so your chain of trust outlives the cryptography it started with.

Hybrid & composite certificates

X.509 certificates that carry both a classical and a post-quantum signature, so they validate everywhere through the transition.

The full CA lifecycle

Root and intermediate hierarchies, renewal, revocation, OCSP responders and CRL distribution — the complete chain of trust.

ACME automation

RFC 8555 compliant — a drop-in for certbot, lego, cert-manager and Caddy. Automate post-quantum issuance and renewal.

Hardware-backed keys

Keep private keys in hardware. Native PKCS#11, KMS and YubiHSM backends keep your root offline and tamper-resistant.

API, CLI & web console

One binary with a REST/gRPC API, a scriptable CLI and an audit-friendly admin console. Bare metal, Docker or Kubernetes.

Standards-based cryptography

Built on the NIST PQC standards

No experimental ciphers. Qertum ships the finalized FIPS algorithms — and the hybrid modes that bridge you there safely.

ML-DSA

CRYSTALS-Dilithium
Digital signature

The default for certificate signing. Lattice-based, fast verification. Security levels 44 / 65 / 87.

StandardFIPS 204

SLH-DSA

SPHINCS+
Digital signature

Hash-based, stateless and conservative. Ideal for long-lived roots and firmware signing.

StandardFIPS 205

ML-KEM

CRYSTALS-Kyber
Key encapsulation

For TLS key exchange and key establishment in issued credentials. Levels 512 / 768 / 1024.

StandardFIPS 203

Hybrid

Composite & Catalyst
Classical + PQC

ML-DSA paired with ECDSA or Ed25519 in one certificate — secure if either algorithm holds.

StandardIETF draft
Interactive Tool

Simulate your post-quantum transition

Configure a complete certificate chain and analyze the transmission overhead and latency risks of post-quantum cryptography in real-world networks.

Why this matters:

Classical certificates (RSA/ECC) fit within a few hundred bytes. Post-Quantum certificates require several kilobytes. This visualizer computes the exact over-the-wire impact on your TLS handshake.

Transmitted Chain Size5,980 bytes
Safe (Fits in 1 Packet)
TLS HANDSHAKE TRANSMISSION (LEAF + INTERMEDIATE)
Intermediate CA Certificate3,200 bytes
Pub Key (1,952 bytes)
Signature (4,595 bytes)
Leaf Certificate (api.qertum.com)5,980 bytes
Pub Key (2,016 bytes)
Signature (3,300 bytes)

Network Performance Diagnostics

TCP Packet Count5 Packets
Estimated RTT Overhead+0 RTT (No Fragmentation)
QUIC/UDP Drop RiskLow

This chain fits inside the standard TCP Initial Congestion Window (InitCW) of 14.6 KB. The handshake will complete in a single round-trip without packet fragmentation. Recommended for general web applications.

Handshake Overhead Comparison

Classical Baseline (ECDSA P-256)1,456 bytes
1.0x (Ref)
Current Configuration5,980 bytes
4.1x size
Heavy PQ Setup (SLH-DSA-256s Root)40,832 bytes
28.0x size
Quickstart

From zero to a post-quantum CA in minutes

Self-hosted, scriptable, and reproducible. Here's the whole path.

01

Install

A single static binary — or pull the container. No runtime dependencies.

02

Initialize your root

Generate a post-quantum or hybrid root in an HSM or software keystore.

03

Issue & automate

Hand out certs by CLI, REST, or wire up ACME for hands-off renewal.

# Install
$ brew install qertum/tap/qertum

# Stand up a hybrid root CA
$ qertum init --profile root \
    --algorithm ml-dsa-65+ecdsa-p256

# Issue your first leaf certificate
$ qertum issue --cn svc.qertum.com \
    --san svc.qertum.com,10.0.0.4 \
    --out svc.pem
# Run the CA server with persistent state
$ docker run -d \
    -p 8443:8443 \
    -v qertum-data:/var/lib/qertum \
    ghcr.io/qertum/qertum:1.0

# Enable the ACME endpoint
$ qertum acme enable --port 8443
# Install the latest release
$ curl -fsSL https://get.qertum.dev | sh

# Verify the signed release artifact
$ qertum verify --self
   SLH-DSA signature valid
Interoperable

Speaks the standards your stack already trusts

A drop-in authority — the certificates, protocols and key stores you use today, with post-quantum strength underneath.

FIPS 203ML-KEMFIPS 204ML-DSAFIPS 205SLH-DSARFC 5280X.509 PKIRFC 8555ACMERFC 6960OCSPPKCS#11HSM keysCA/B ForumBaseline
Open source & community-driven

Own your chain
of trust. Forever.

Apache-2.0 licensed, auditable end to end, and free to self-host. Join the contributors hardening the public-key infrastructure of the post-quantum internet.