Keyfactor Makes Quantum Leap with Post-Quantum PKI and Signing Capabilities

CLEVELAND--(BUSINESS WIRE)--Keyfactor, the identity-first security solution for modern enterprises, today announced the launch of two innovative product updates, EJBCA 8.0 and SignServer 6.0. The updates bring significant advancements in post-quantum readiness and Internet of Things (IoT) security as organizations seek safeguards against the rising possibility of cyberattacks brought on by developments in and growth of both technologies.

“Today, many organizations aren’t prepared for the transition to post-quantum cryptography. Whether they are ready or not, the new algorithms and standards are coming soon, and PKI will need to adapt accordingly,” said Ted Shorter, Chief Technology Officer, Keyfactor. “As a leader in PKI and cryptography management, we have put ourselves in front of this coming wave, and our mission is to lead our customers through their post-quantum transition. We’re committed to providing the tools and capabilities they need to establish and maintain digital trust in their ecosystem as their security needs evolve, including in their transition to post-quantum security and securing emerging IoT devices by design.”

New features with EJBCA 8.0 include:

• Post-Quantum Preparation: Support to start testing and evaluating new quantum-safe candidate algorithms for certificate issuance and certificate signing, including Dilithium and Falcon. The update allows companies to better prepare for the inevitable transition to post-quantum cryptography ahead of the National Institute of Standards and Technology (NIST) finalizing standardization in 2024.
• New IoT Security Capabilities: A new modular extension to EJBCA, plus support for the Matter Smart Home standard, extends the powerful capabilities already offered by Keyfactor today by making it even easier for manufacturers to deploy public key infrastructure (PKI) on the factory floor, at the edge, or in operational technology (OT) environments, while supporting industry requirements.
• Agile SSH Certificate Issuance: A new SSH Certificate Authority (CA) type that helps organizations move towards a more agile and secure approach of establishing trusted connections with machines. Specifically, the update makes it possible for organizations to issue host and user SSH certificates, enhance security with the ability to issue short-lived SSH certificates, and replace static SSH keys and passwords that are hard to manage and vulnerable to theft or misuse.

Updates to Keyfactor’s SignServer 6.0 include:

• Post-Quantum Readiness: Supports code signing with post-quantum candidate algorithms, including Dilithium and SPHINCS+, in testing environments that will enable developers and product teams to run a proof-of-concept to sign their code, applications, or firmware.
• IoT Security Advancements: Introduces the ability to digitally sign firmware with multiple signatures. With the update, device manufacturers can sign software and firmware with multiple signatures to ensure compatibility with different devices while improving the security of devices. The update also allows for a seamless transition to post-quantum security for IoT devices, making it possible to sign firmware with production-ready algorithms today and post-quantum algorithms in the future.

To learn more about EJBCA, please visit: https://www.keyfactor.com/products/ejbca-enterprise/

To learn more about SignServer, please visit: https://www.keyfactor.com/products/signserver-enterprise/

For resources related to preparing for post quantum, please visit Keyfactor’s PQC Lab: https://www.keyfactor.com/post-quantum-cryptography-lab/

About Keyfactor

Keyfactor brings digital trust to the hyper-connected world with identity-first security for every machine and human. By simplifying PKI, automating certificate lifecycle management, and securing every device, workload, and thing, Keyfactor helps organizations move fast to establish digital trust at scale — and then maintain it. In a zero-trust world, every machine needs an identity and every identity must be managed. For more, visit keyfactor.com or follow @keyfactor.