New post-quantum support
Security Toolkit 9.0 for Java adds the following features to support post-quantum (PQ) algorithms.
New EntrustPQ provider (Beta)
To support post-quantum (PQ) algorithms, this release distributes a new EntrustPQ provider in the entpq.jar file.
This Beta version is for evaluation purposes only. It should not be used in production environments. Please reach out to Entrust Customer Support if you wish to have access to this beta version.
Composite Signature algorithm implementation
This release adds an implementation of the Composite Signature draft specification.
https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs
Because this draft is still being defined, the toolkit will likely need further updates to conform to the final specification. It is therefore recommended that this composite signature implementation be used for interoperability testing and proof-of-concept applications at this time.
Internal identifier: PKI-24669, PKI-3135, PKI-36038, PKI-37029
New PKIUtil command line utility
As explained in PKIUtil client, this release adds the PKIUtil command-line utility for generating:
Classic certificates
Post-quantum certificates
Composite certificates
Certificate Authorities, intermediate and End-Entity certificates
Certificate Revocation Lists
Raw signatures
This utility plugs in different cryptosystems to support:
Key Generation (RSA, EC, Composite + plugins)
CSR (PKCS10) Generation
ISSUE Certs (Root CA, Subordinate CA, End-Entities)
Verification (RFC 5280 verification of Certificate Chains)
CRL Issuance
Note
PKIUtil is located in the entpq.jar file, and therefore the optional etjava90_pq.zip file is required to access PKIUtil. The .zip file contains a simple .batch file (for Windows) or .sh file (for Linux) as well as a readme.txt that explains how to make use of the utility.
Internal identifier: PKI-31156, PKI-33537, PKI-34872, PKI-34913, PKI-35476, PKI-37272