====== 3. Administrator ======

Documentation for system administrators on deploying and managing the PQ cryptography infrastructure.

----

===== Contents =====

^  Section  ^  Description  ^
| [[.:installation|3.1 Installation]] | System requirements, OpenSSL, .NET Runtime |
| [[.:konfiguration|3.2 Configuration]] | Environment variables, paths, FIPS mode |
| [[.:betrieb|3.3 Operations]] | Health checks, certificates via CLI, trust stores |
| [[.:troubleshooting|3.4 Troubleshooting]] | CLI diagnostics, common errors |

----

===== Dependency Matrix =====

**What we provide vs. what you provide:**

^  Component  ^  Supplier  ^  Version  ^  How to obtain  ^
| WvdS.Crypto Library | EMSR DATA | 1.0.x | NuGet (developers) |
| OpenSSL | OpenSSL Foundation | **3.6.0+** | Admin installs |
| .NET Runtime | Microsoft | **8.0+** | Admin installs |
| OS Trust Store | Operating System | - | Pre-existing |

<WRAP important>
**OpenSSL 3.6.0+** is mandatory for ML-DSA and ML-KEM support.
Older versions do not support post-quantum algorithms.
</WRAP>

----

===== System Requirements =====

^  Component  ^  Minimum  ^  Recommended  ^
| .NET Runtime | 8.0 | 8.0 LTS |
| OpenSSL | 3.6.0 | 3.6.0+ |
| RAM | 512 MB | 1 GB+ |
| Storage | 100 MB | 500 MB (with keys) |

**Operating Systems:**
  * Windows 10/11, Windows Server 2019+
  * Linux (Ubuntu 22.04+, RHEL 8+, Debian 12+)
  * macOS 13+ (Ventura)

----

===== Deployment Checklist =====

<code bash>
# 1. Check OpenSSL version
openssl version
# Expected: OpenSSL 3.6.0 or higher

# 2. PQ algorithms available?
openssl list -signature-algorithms | grep -i ml-dsa
openssl list -kem-algorithms | grep -i ml-kem

# 3. Check .NET Runtime
dotnet --list-runtimes | grep "Microsoft.NETCore.App 8"

# 4. Check providers
openssl list -providers
</code>

  - [x] OpenSSL 3.6.0+ installed
  - [x] ML-DSA and ML-KEM algorithms available
  - [x] .NET 8.0+ Runtime installed
  - [ ] Environment variables configured → [[.:konfiguration|Configuration]]
  - [ ] Health check successful → [[.:betrieb|Operations]]
  - [ ] Backup strategy defined

----

===== Quick Start for Admins =====

**Windows (PowerShell as Administrator):**
<code powershell>
# Check OpenSSL
& "C:\Program Files\OpenSSL\bin\openssl.exe" version

# Set PATH (if not present)
[Environment]::SetEnvironmentVariable("Path", $env:Path + ";C:\Program Files\OpenSSL\bin", "Machine")

# Verify
openssl list -signature-algorithms | Select-String "ML-DSA"
</code>

**Linux (bash):**
<code bash>
# Check OpenSSL
openssl version -a

# Check PQ support
openssl list -signature-algorithms | grep -i "ml-dsa"
openssl list -kem-algorithms | grep -i "ml-kem"
</code>

----

===== Further Reading =====

  * [[en:int:pqcrypt:konzepte:sicherheit|Security]] – Threat model, best practices
  * [[en:int:pqcrypt:business:compliance|Compliance]] – NIST FIPS 203/204 conformance

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//

{{tag>administrator sysadmin installation operations}}