-
Platform
Back
DigiCert ONE Integrations
Understand the changing certificate lifecycle landscape:
-
Solutions
Back
Understand the changing certificate lifecycle landscape:
-
Buy
Back
Signing Certificates
Everything you need to secure your site.
-
Company
Back
-
Resources
Back
Understand the changing certificate lifecycle landscape:
-
Support
Back
Resources
Contact Support- Americas
- 1.866.893.6565 (Toll-Free U.S. and Canada)
- 1.801.770.1701 (Sales)
- 1.801.701.9601 (Spanish)
- 1.800.579.2848 (Enterprise only)
- 1.801.769.0749 (Enterprise only)
- Europe, Middle East Africa
- +44.203.788.7741
- Asia Pacific, Japan
- 61.3.9674.5500
- Americas
-
Language
- Contact us
After years of warnings and predictions, we’re entering an era in which you can begin to deploy post-quantum cryptography (PQC) on your own systems. We know our customers want to get started on the post-quantum journey, so we’ve created a simple, fully PQC-protected web application and published it in a GitHub repository.
The application is simple. It generates a banner page to confirm successful execution. But the page is retrieved over HTTPS. The TLS certificate for the page uses ML-DSA as the digital signature algorithm. ML-DSA is a quantum-safe algorithm intended (eventually) to replace RSA and ECDSA. This makes it a true post-quantum application.
Implementing the application will require Linux administration skills. The instructions are written to run it on an Amazon Web Services account, but using another cloud or a self-hosted system could work. The remaining software (Nginx, OpenSSL client, Curl and/or Links) is open-source and downloadable. If you have the experience, you may be able to migrate it to other Linux environments and web servers, and congratulations if you do. Please let us know at pqc.labs@digicert.com.
You won’t use a web browser as the application's client because none of them support ML-DSA yet. We have tested it with Curl, a command-line tool that retrieves and displays raw HTML, and Links, another command-line tool that generates a text rendering of the page. Here is the output in Links:
`
Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to remain secure against adversaries with quantum computing capabilities. These algorithms aim to replace classical public-key systems (like RSA and ECC) that could be broken by a sufficiently powerful quantum computer.
Module-Lattice-Based Digital Signature Algorithm (ML-DSA) is a lattice-based post-quantum signature scheme standardized by NIST and supported by DigiCert for PQC experiments. It was formerly known as CRYSTALS-Dilithium and is intended to replace classical digital signatures with quantum-safe equivalents. ML-DSA provides authenticity and non-repudiation in a way designed to resist future quantum attacks.
Module-Lattice-Based Key Encapsulation Mechanism (ML-KEM) is a quantum-safe key exchange algorithm, standardized by NIST and supported in DigiCert tools and SDKs. It lets two parties establish a shared secret over a public channel, which can be used to secure session encryption such as in TLS, protecting confidentiality against quantum attacks.
In a post-quantum TLS handshake:
ML-KEM establishes a shared encryption key between client and server.
ML-DSA is used to authenticate the server’s identity via its TLS certificate.
Together, these provide both confidentiality and authenticity resistant to future quantum cryptanalysis, though current mainstream browsers do not yet support ML-DSA certificates.
Mainstream browsers require extensive testing, ecosystem coordination, and library integration before adopting new cryptographic primitives. While ML-KEM has seen early production use for key exchange, support for post-quantum signature algorithms like ML-DSA in browsers is still in development. That’s why tools like Curl or Links are recommended for your test server.
Yes. Because browsers don’t yet support quantum-safe certificates, you’ll use command-line tools such as:
- Curl: Fetches raw HTML over TLS
- Links: Renders text pages via command line
These allow you to validate your server’s post-quantum TLS handshake and certificate behavior in a controlled test environment.
Featured Stories
No Time to Wait: PQC Pressure from the
Dept. of War
Subscribe to the blog
-
The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.
-
-
Company
-
My Account
-
Resources
-
Sites
-
© 2026 DigiCert, Inc. All rights reserved.
Legal Repository Audits & Certifications Terms of Use Privacy Center Accessibility Cookie Settings