~~NOTOC~~

====== 6. Scenarios ======

**Categories:** 12 Developer + 6 Operator \\
**FFI Functions:** ~420 \\
**Target Audiences:** Developers, Administrators, Operators

Complete task scenarios for post-quantum cryptography. Separated by target audience: **Developer** (API-focused, C#) and **Operator** (day-to-day operations, runbooks, bash/PowerShell).

----

===== Overview of All Categories =====

<code>
flowchart TB
    subgraph SETUP["SETUP"]
        K1["1. PKI Infrastructure"]
        K2["2. CSR"]
        K3["3. Issue Certificates"]
    end
    subgraph MANAGE["MANAGEMENT"]
        K4["4. Manage Certificates"]
        K5["5. Validation"]
        K6["6. Revocation"]
    end
    subgraph CRYPTO["CRYPTOGRAPHY"]
        K7["7. Encryption"]
        K8["8. Signatures"]
        K9["9. Authentication"]
    end
    subgraph INFRA["INFRASTRUCTURE"]
        K10["10. TLS/mTLS"]
        K11["11. Key Management"]
        K12["12. Import/Export"]
    end
    K1 --> K2 --> K3
    K3 --> K4
    K4 --> K5 & K6
    K1 --> K11
    K3 --> K10
    K8 --> K9
    style K1 fill:#e8f5e9
    style K5 fill:#e3f2fd
    style K10 fill:#fff3e0
</code>

----

===== Scenario Categories =====

^ Cat. ^ Title ^ Description ^ Scenarios ^ Status ^
| [[.:pki:start|1]] | **PKI Infrastructure** | Root CA, Intermediate CAs, Trust Stores | 6 | In Progress |
| [[.:csr:start|2]] | **Certificate Requests (CSR)** | Create, sign, process CSRs | 4 | In Progress |
| [[.:zertifikate:start|3]] | **Issue Certificates** | Server, client, code signing certificates | 5 | In Progress |
| [[.:verwaltung:start|4]] | **Manage Certificates** | Renewal, re-key, export, archiving | 4 | In Progress |
| [[.:validierung:start|5]] | **Validation & Trust** | Chain validation, revocation check | 5 | In Progress |
| [[.:widerruf:start|6]] | **Revocation** | CRL, OCSP, Delta-CRL | 4 | In Progress |
| [[.:verschluesselung:start|7]] | **Encryption** | Hybrid encryption, key encapsulation | 3 | In Progress |
| [[.:signaturen:start|8]] | **Digital Signatures** | Documents, code, timestamps | 4 | In Progress |
| [[.:authentifizierung:start|9]] | **Authentication** | mTLS, client auth, SSO | 3 | In Progress |
| [[.:tls:start|10]] | **TLS/mTLS Communication** | Server setup, client config | 4 | In Progress |
| [[.:schluessel:start|11]] | **Key Management** | Generation, rotation, destruction | 5 | In Progress |
| [[.:interop:start|12]] | **Import/Export** | PEM, PFX, PKCS#7, interoperability | 4 | In Progress |

----

===== Industry-Specific Notes =====

Industry-specific requirements (energy, healthcare, automotive, industry) are documented **within the relevant scenarios**, not as a separate structure.

Example: Scenario "1.1 Create Root CA" contains notes for:

  * **Energy:** 25-year certificates for wind turbine lifespan
  * **Healthcare:** gematik-compliant OIDs
  * **Automotive:** V2X-PKI compatibility

Regulatory compliance documentation: -> [[en:int:pqcrypt:business:compliance:start|Compliance]]

----

===== Quick Reference =====

**Quick Start:** -> [[.:kurzreferenz:start|Quick Reference]] \\
Compact code examples without details. For a quick overview.

----

===== Operator Scenarios =====

**For Sysadmins & DevOps:** -> [[.:operator:start|Operator Scenarios]] \\
Runbooks, checklists, bash/PowerShell scripts for operational tasks.

^ Category ^ Description ^ Scenarios ^
| [[.:operator:tagesgeschaeft:start|Day-to-Day Operations]] | Issue, renew, revoke certificates, health check | 4 |
| [[.:operator:automatisierung:start|Automation]] | ACME, CI/CD signing, cert-manager, scheduled renewal | 4 |
| [[.:operator:monitoring:start|Monitoring]] | Expiry monitoring, CRL/OCSP check, audit logging, alerting | 4 |
| [[.:operator:migration:start|Migration]] | Classic->Hybrid, parallel operation, rollback, inventory | 4 |
| [[.:operator:disaster-recovery:start|Disaster Recovery]] | CA backup/restore, key ceremony, emergency revocation | 3 |
| [[.:operator:cloud:start|Cloud Integration]] | Azure Key Vault, AWS KMS, HashiCorp Vault | 3 |

----

===== Quick Start =====

**Typical starting point for new PKI:**

  - [[.:pki:start|1. PKI Infrastructure]] -> Build Root CA + Intermediate
  - [[.:csr:start|2. CSR]] -> Requests for end-entity certificates
  - [[.:zertifikate:start|3. Issue Certificates]] -> Server/client certificates
  - [[.:validierung:start|5. Validation]] -> Implement chain verification
  - [[.:widerruf:start|6. Revocation]] -> Set up CRL/OCSP

----

===== Further Reading =====

  * [[en:int:pqcrypt:konzepte:start|Concepts]] - Technical fundamentals
  * [[en:int:pqcrypt:api:start|API Reference]] - Complete method documentation
  * [[en:int:pqcrypt:developer:start|Developer]] - Integration into applications

----

//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//

{{tag>scenarios overview pki categories}}