PQC readiness

Post-Quantum Cryptography (PQC) readiness classifies every discovered certificate by how well its key material will age when quantum computers can break classical public-key crypto. Four buckets: vulnerable, transition, ready, unknown. The score feeds into risk, dashboards, and the finding system.

01 Classification buckets

| Bucket | What qualifies | Interpretation |
| --- | --- | --- |
| Vulnerable | RSA < 2048, DSA < 2048 | Already too weak against pre-quantum attacks, let alone quantum. Fix now regardless of PQC. |
| Transition | All other classical: RSA 2048+, ECDSA P-256/P-384/P-521, Ed25519 | Safe today. Will be broken by a cryptographically-relevant quantum computer (CRQC). Rotate to a PQC or hybrid scheme once browsers / CAs support it. |
| Ready | Pure PQC (ML-KEM, ML-DSA) or hybrid (ECDSA + ML-KEM) certs | Will survive a CRQC. This is the target state. As of 2026, almost nothing in the wild qualifies. |
| Unknown | Algorithm we can't classify — custom OIDs, obscure EC curves, malformed keys | Look at it. Often indicates a mis-extracted cert or an experimental algorithm. |

02 Why RSA 2048 is Transition, not Vulnerable

RSA 2048 is still considered pre-quantum strong in 2026 — NIST recommends it through the end of this decade. The moment a CRQC appears, every RSA-2048 key (and every classical ECC key) becomes trivially breakable. The vulnerable bucket is reserved for keys that were already sub-standard before quantum entered the picture — RSA-1024 is a concrete example.

03 How classification runs

  1. Discovery scan extracts the public key.
  2. pkg/discovery/pqc.go looks at the algorithm OID + key size.
  3. ECDSA curves are identified via Params().BitSize — P-256 / P-384 / P-521 each produce a distinct label.
  4. Hybrid schemes (experimental) are detected via the composite OIDs proposed in IETF drafts.
  5. If nothing matches the lookup table, the cert is tagged unknown.
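
The classical-key part of these steps, sketched in Go as an added example; it is not the contents of pkg/discovery/pqc.go. The function name, label strings and sample keys are assumptions, and the ready bucket (PQC and hybrid OIDs) is out of scope, so such keys would land in unknown in this sketch.

```go
package main

import (
	"crypto/dsa"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rsa"
	"fmt"
	"math/big"
)

// classify maps a parsed key (as held in x509.Certificate.PublicKey) to bucket and label.
func classify(pub any) (bucket, label string) {
	size := 0
	switch k := pub.(type) {
	case *rsa.PublicKey:
		label, size = "RSA", k.N.BitLen()
	case *dsa.PublicKey:
		label, size = "DSA", k.P.BitLen()
	case *ecdsa.PublicKey:
		if b := k.Params().BitSize; b == 256 || b == 384 || b == 521 {
			return "transition", "ECDSA-" + k.Params().Name
		}
		return "unknown", "ECDSA-" + k.Params().Name // curve outside the table
	case ed25519.PublicKey:
		return "transition", "Ed25519"
	default: // nil key, unparsed OID, malformed SPKI
		return "unknown", "unrecognised"
	}
	if label = fmt.Sprintf("%s-%d", label, size); size < 2048 { // RSA/DSA cut-off
		return "vulnerable", label
	}
	return "transition", label
}

// bits returns 2^(n-1); it and samples are constructed stand-ins, not valid keys.
func bits(n uint) *big.Int { return new(big.Int).Lsh(big.NewInt(1), n-1) }

var samples = []any{
	&rsa.PublicKey{N: bits(1024)}, &rsa.PublicKey{N: bits(2048)},
	&ecdsa.PublicKey{Curve: elliptic.P256()}, &ecdsa.PublicKey{Curve: elliptic.P224()},
	ed25519.PublicKey(make([]byte, ed25519.PublicKeySize)), nil,
}

func main() {
	for _, k := range samples {
		fmt.Println(classify(k))
	}
}
```

The P-224 and nil samples show the two ways a key reaches unknown: a curve outside the lookup table, and a key the parser could not type at all.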

04 Risk score integration

Vulnerable keys add 10 to the certificate's risk score. Transition adds nothing (it is the expected state for classical certs). Ready and Unknown also contribute zero. See risk scoring for where in the risk flow this slots in.

05 Findings

Every cert classified vulnerable emits a pqc_vulnerable finding at severity Medium, with remediation text suggesting a bridge-to-ECDSA or RSA-3072+ rotation. See findings.

06 Stats surfaces

  • Discovery → Inventory — stats widget shows PQC breakdown as a donut chart; click a slice to filter.
  • Dashboard → 47-Day Readiness — PQC readiness is one of the scoring inputs.
  • Individual cert detail — status badge + short explanation.

07 Roadmap

As IETF finalises hybrid composite schemes (e.g. id-MLDSA44-ECDSA-P256) and major CAs start issuing them, CertAutoPilot will add recognition for each new algorithm. Classification is a versioned lookup table — a backend upgrade picks up newly classifiable algorithms without any operator action.

08 Troubleshooting

Too many unknown

Usually a scanner capture problem — the cert bytes are incomplete. Re-scan the endpoint; if still unknown, export the PEM from the inventory detail view and inspect with openssl x509 -text to see the algorithm.

"My org does not care about PQC yet, how do I mute these findings?"

Bulk-suppress pqc_vulnerable findings with a 180-day expiry. The suppression records are a breadcrumb for the next auditor — so you can point at the policy decision rather than looking like you missed the issue.