Integrating Crypto-Agility Into PKIs

Long Term Authentication Challenges

Enterprise IT teams and connected device manufacturers increasingly use public key infrastructure (PKI) for authentication and encryption. However, the digital certificates and signatures within these systems use security measures that are vulnerable to quantum-enabled attacks.

Makers of durable, long-lived IoT devices and IT teams responsible for large and complex PKIs need solutions today to prepare for the quantum threat or risk losing control of those devices and exposing mission-critical information in the quantum age.

The challenge: Current digital certificates can only manage one signature algorithm. This limitation makes a timely migration to quantum-safe security tricky within large and complex PKIs. Bridging the gap between current and quantum-safe security — without affecting existing systems, adherence to standards, and end users — requires a new approach.

Existing Options Are Costly and Time-Consuming

Regardless of the reason for moving from one type of cryptography to another, it’s a logistically complicated and costly process to do so when you have many different endpoints needing to connect with a large number of different servers. While you may currently have several options to migrate your systems, you’re likely struggling to find one that’s cost-effective and maintains interoperability.

For example, some organizations create a parallel public key infrastructure (PKI) that uses the new cryptographic algorithm, then take a forklift-upgrade approach to move from the existing PKI to the new one. Because of the duplication, this requires a significant amount of resources and time, and it delays the migration to stronger security measures for your most at-risk assets.

Simplify Cryptographic Migrations with ISARA Catalyst™ Agile Digital Certificate Technology

A simplified, cost-effective method of migrating PKIs to different cryptographic algorithms is to take a crypto-agile approach by integrating ISARA Catalyst™ Agile Digital Certificate Technology.

The ISARA Catalyst Agile Digital Certificate Technology is a technique for creating an enhanced X.509 digital certificate that simultaneously contains two sets of cryptographic subject public keys and issuer signatures.

This technique provides administrators with maximum flexibility since crypto-agile credentials offer full backward compatibility with current X.509 formats. The crypto-agility built into this approach makes it entirely seamless to end-users. 

Benefits & Advantages

  • Gradual migration – Upgrade your most critical, at-risk assets in phases; backward compatibility with current X.509 certificates ensures interoperability throughout
  • Eliminate duplication and management of multiple public key infrastructures (PKI) – reduce time, costs and complications associated with transitioning cryptography
  • Protect using the cryptographic algorithms you need to use, faster – whether you need a faster path to compliance or simply want to transition to stronger or more efficient security
  • Transparent to end-users – those endpoints using the enhanced certificates can still interact with existing systems and vice versa
