Latest News

It’s a major change, but when you break it into manageable steps, it becomes far more achievable.

Step 1: Observe and inventory your PKI

Goal: Understand what cryptographic assets you have and where they live. 

• Use automated tools to discover certificates and crypto dependencies
• Catalog certificates by algorithm used, expiration date, and associated systems or apps
• Identify cryptographic libraries in cloud and on-prem applications, IoT devices, and root CAs
• Document and visualize PKI dependencies

Step 2: Assess and triage asset risk

Goal: Prioritize migration based on risk and sensitivity. 

• Classify assets: 
  • High priority: identity systems, financial systems, government data
  • Medium priority: VPNs, web auth, secure email
• Low priority: Internal apps with short-lived encryption

• Plan for full PQC protection of all assets by 2035

Step 3: Deploy hybrid PKI

Goal: Begin the secure transition to PQC with backward compatibility. 

• Introduce hybrid certificates (RSA/ECC + PQC)
• Use CAs that support quantum-safe algorithms
• Start testing quantum-resistant TLS for secure data-in-transit
• Phase out non-quantum-capable CAs and systems

Step 4: Define migration milestones

Goal: Break migration into manageable, time-bound phases. 

2025-2027

• Complete PKI inventory
• Begin hybrid PKI development
• Upgrade highest-risk assets
• Form a cross-functional PKI governance team

2028-2030

• Replace critical RSA/ECC encryption
• Audit cryptographic usage regularly

2031-2035

• Finish migrating all assets to PQC
• Establish crypto agility practices for ongoing adaptability

To stay secure in a quantum future, start now. Inventory, assess, deploy hybrid PKI, and set clear milestones. 

Questions? Talk to the experts at Keyfactor to begin your PQC journey.