Inhaltsverzeichnis
3. Administrator
Documentation for system administrators on deploying and managing the PQ cryptography infrastructure.
Contents
| Section | Description |
|---|---|
| 3.1 Installation | System requirements, OpenSSL, .NET Runtime |
| 3.2 Configuration | Environment variables, paths, FIPS mode |
| 3.3 Operations | Health checks, certificates via CLI, trust stores |
| 3.4 Troubleshooting | CLI diagnostics, common errors |
Dependency Matrix
What we provide vs. what you provide:
| Component | Supplier | Version | How to obtain |
|---|---|---|---|
| WvdS.Crypto Library | EMSR DATA | 1.0.x | NuGet (developers) |
| OpenSSL | OpenSSL Foundation | 3.6.0+ | Admin installs |
| .NET Runtime | Microsoft | 8.0+ | Admin installs |
| OS Trust Store | Operating System | - | Pre-existing |
OpenSSL 3.6.0+ is mandatory for ML-DSA and ML-KEM support. Older versions do not support post-quantum algorithms.
System Requirements
| Component | Minimum | Recommended |
|---|---|---|
| .NET Runtime | 8.0 | 8.0 LTS |
| OpenSSL | 3.6.0 | 3.6.0+ |
| RAM | 512 MB | 1 GB+ |
| Storage | 100 MB | 500 MB (with keys) |
Operating Systems:
- Windows 10/11, Windows Server 2019+
- Linux (Ubuntu 22.04+, RHEL 8+, Debian 12+)
- macOS 13+ (Ventura)
Deployment Checklist
# 1. Check OpenSSL version openssl version # Expected: OpenSSL 3.6.0 or higher # 2. PQ algorithms available? openssl list -signature-algorithms | grep -i ml-dsa openssl list -kem-algorithms | grep -i ml-kem # 3. Check .NET Runtime dotnet --list-runtimes | grep "Microsoft.NETCore.App 8" # 4. Check providers openssl list -providers
- [x] OpenSSL 3.6.0+ installed
- [x] ML-DSA and ML-KEM algorithms available
- [x] .NET 8.0+ Runtime installed
- [ ] Environment variables configured → Configuration
- [ ] Health check successful → Operations
- [ ] Backup strategy defined
Quick Start for Admins
Windows (PowerShell as Administrator):
# Check OpenSSL & "C:\Program Files\OpenSSL\bin\openssl.exe" version # Set PATH (if not present) [Environment]::SetEnvironmentVariable("Path", $env:Path + ";C:\Program Files\OpenSSL\bin", "Machine") # Verify openssl list -signature-algorithms | Select-String "ML-DSA"
Linux (bash):
# Check OpenSSL openssl version -a # Check PQ support openssl list -signature-algorithms | grep -i "ml-dsa" openssl list -kem-algorithms | grep -i "ml-kem"
Further Reading
- Security – Threat model, best practices
- Compliance – NIST FIPS 203/204 conformance
Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional
Zuletzt geändert: on 2026/01/29 at 11:10 PM
