5.2 TLS 1.3 s PQ algoritmima

Konfiguracija transportne enkripcije.

Podržani algoritmi

Funkcija	Algoritam	NIST standard
Key Exchange	ML-KEM-768¹⁾	FIPS 203
Potpis	ML-DSA-65²⁾	FIPS 204
Rezervni potpis	SLH-DSA³⁾	FIPS 205

TLS 1.3

Transport Layer Security 1.3⁴⁾ je aktualna verzija protokola enkripcije za sigurnu mrežnu komunikaciju.

Hibridni način

Za prijelazno razdoblje: Klasično + PQ kombinirano⁵⁾.

Key Exchange: X25519((Curve25519: https://cr.yp.to/ecdh.html)) + ML-KEM-768
Potpis: ECDSA + ML-DSA-65

.NET konfiguracija

builder.WebHost.ConfigureKestrel(options =>
{
    options.ConfigureHttpsDefaults(https =>
    {
        https.SslProtocols = SslProtocols.Tls13;
        https.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
    });
});

Cipher Suites

Preporučeni TLS 1.3 Cipher Suites⁶⁾ s PQ:

TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256

Validacija

# Test TLS veze
openssl s_client -connect gateway.intern:443 -tls1_3

PQ-Crypto biblioteka

Za programsku implementaciju PQ Key Exchangea pogledajte:

Izvori

¹⁾

FIPS 203 (ML-KEM): https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf

²⁾

FIPS 204 (ML-DSA): https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf

³⁾

FIPS 205 (SLH-DSA): https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf

⁴⁾

IETF RFC 8446 (TLS 1.3): https://datatracker.ietf.org/doc/html/rfc8446

⁵⁾

IETF Hybrid Key Exchange: https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/

⁶⁾

IANA TLS Cipher Suites: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4