{"id":1472,"date":"2020-12-08T17:14:01","date_gmt":"2020-12-08T17:14:01","guid":{"rendered":"https:\/\/sectigostore.com\/blog\/?p=1472"},"modified":"2020-12-11T12:24:17","modified_gmt":"2020-12-11T12:24:17","slug":"what-is-a-quantum-safe-hybrid-digital-certificate","status":"publish","type":"post","link":"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/","title":{"rendered":"What Is a Quantum-Safe Hybrid Digital Certificate?"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Sectigo\u2019s Tim Callan, Jason Soroko and Alan Grau break down what quantum safe hybrid TLS certificates are and how they can help to prepare businesses for quantum-safe cryptography in Sectigo\u2019s <a href=\"https:\/\/sectigo.com\/resource-library\/root-causes-118-quantum-apocalypse-what-is-a-hybrid-certificate\" target=\"_blank\" rel=\"noreferrer noopener\">Root Causes podcast<\/a><\/h2>\n\n\n\n<p>Quantum computing is poised to disrupt the technological world as we know it. And although quantum computing \u2014 and all of the advantages it offers \u2014 <a href=\"https:\/\/security.googleblog.com\/2016\/07\/experimenting-with-post-quantum.html\" target=\"_blank\" rel=\"noreferrer noopener\">is still realistically years away<\/a>, businesses and organizations need to prepare themselves for its inevitable downside: broken cryptosystems.<\/p>\n\n\n\n<p>Quantum computers will break our existing <a href=\"https:\/\/sectigostore.com\/blog\/5-differences-between-symmetric-vs-asymmetric-encryption\/\">asymmetric cryptosystem<\/a> \u2014 something that cybercriminals will be ready and eager to take advantage of. This is why it\u2019ll be necessary to migrate your existing IT and cryptosystems to their quantum-resistant or quantum-safe equivalents.<\/p>\n\n\n\n<p>But, of course, upgrading to post quantum cryptographic (PQC) systems and infrastructure takes time and resources. So, one of the ways to help futureproof your cyber security through this process is through the use of <strong>hybrid digital certificates<\/strong> such as a hybrid TLS certificate.<\/p>\n\n\n\n<p>In the podcast, Tim Callahan, Jason Soroko and Alan Grau break down the subtle but important distinctions to know about quantum-safe hybrid digital certificates.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Is a Hybrid Digital Certificate?<\/h2>\n\n\n\n<p>A hybrid certificate is essentially a traditional <a href=\"https:\/\/sectigostore.com\/blog\/what-is-a-pki-certificate\/\">X.509 digital certificate<\/a> that has additional quantum-safe components encoded within it. This type of certificate, also known as a cross-signed hybrid certificate, is a versatile way to enable your servers to meet the needs of different clients (web browsers) to allow them to connect regardless of their crypto capabilities.<\/p>\n\n\n\n<p>However, it\u2019s important to note that hybrid digital certificates are a means to an end but aren\u2019t the end solution in and of themselves. What we mean is that <strong>hybrid certificates help to bridge the gap between PQC-enabled systems and non-upgraded systems<\/strong> through versatility. This helps during the transition period, but the ultimate goal is for everyone \u2014 clients and enterprises alike \u2014 to use quantum safe cryptography.<\/p>\n\n\n\n<p>What this type of certificate offers is <a href=\"https:\/\/www.nccoe.nist.gov\/projects\/building-blocks\/post-quantum-cryptography\" target=\"_blank\" rel=\"noreferrer noopener\">cryptographic agility<\/a>, or crypto agility. (We\u2019ll speak more on the topic of crypto agility later.) Basically, once your business starts the transition to quantum-safe systems and applications, you won\u2019t have to try to support two separate certificates \u2014 a traditional digital certificate and a quantum-safe digital certificate \u2014 since you\u2019d already have a two-in-one hybrid certificate in place. This provides interoperability during the transition period.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How Secure Connections Work Within Our Current Pre-Quantum Ecosystem<\/h2>\n\n\n\n<p>Website security as we know it relies on something known as <a href=\"https:\/\/sectigostore.com\/blog\/what-is-pki-a-laymans-guide-to-public-key-infrastructure\/\">public key infrastructure (PKI)<\/a>. This combination of policies, procedures and technologies that support public key cryptography. Examples of traditional X.509 certificates include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>TLS certificates<\/strong> (transport layer security), formerly known as SSL certificates (secure sockets layer).<\/li><li><strong>Code signing certificates.<\/strong><\/li><li><strong>Document signing certificates<\/strong>.<\/li><li><strong>Email signing certificates<\/strong>.<\/li><\/ul>\n\n\n\n<p>In public key cryptography, we use these certificates to help authenticate and provide encryption. For example, an SSL\/TLS certificate authenticates the server that a client connects to and also creates a secure, encrypted connection between the two parties.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How Does a Hybrid TLS Certificate Differ from a Traditional One?<\/h2>\n\n\n\n<p>All TLS certificates contain digital signatures, keys, and algorithms. The difference between a traditional TLS certificate and Sectigo hybrid TLS certificate is that in addition to those traditional components:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>The hybrid certificate would contain extra X.509 certificate fields for quantum-safe keys and signatures.<\/li><li>The hybrid certificate would include the encoding for a quantum safe algorithm.&nbsp;<\/li><\/ol>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"701\" height=\"604\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/sectigo-hybrid-certificate-fields.png\" alt=\"An illustration of the alternate fields that hybrid digital certificates would include\" class=\"wp-image-1474 addshadow\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/sectigo-hybrid-certificate-fields.png 701w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/sectigo-hybrid-certificate-fields-300x258.png 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/sectigo-hybrid-certificate-fields-560x483.png 560w\" sizes=\"auto, (max-width: 701px) 100vw, 701px\" \/><figcaption>Image source: Sectigo\u2019s <a href=\"https:\/\/sectigo.com\/quantum-labs\" target=\"_blank\" rel=\"noreferrer noopener\">Quantum Labs<\/a><\/figcaption><\/figure><\/div>\n\n\n\n<p>This means that even though the structure of the X-509 certificate changed, it won\u2019t be an issue for legacy systems that receive the certificate. They\u2019ll see fields in the certificate that they won\u2019t recognize and will simply ignore them. As a result, legacy systems will still be able to connect right away using the existing public key algorithms that the hybrid certificates continue to support even though those certificates now also support PQC algorithms.<\/p>\n\n\n\n<p>This means that you don\u2019t immediately have to start upgrading your legacy systems to start using hybrid certificates, guest speaker Alan Grau explains. Rather, they can be pulled in more gradually as you update your devices and servers over time. &nbsp;&nbsp;<\/p>\n\n\n\n<p>Podcast co-host Jason Soroko follows up with a key takeaway:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><em>\u201cWhat it means, in very plain English, is that somebody could take the toolkit today, start issuing these X-509 certificates with, say, an ECC encryption chosen with the alternate fields and traditional systems and not break a single thing.\u201d<\/em><\/p><\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">How a Hybrid TLS Certificate Works in Authentication<\/h2>\n\n\n\n<p>Podcast co-host Tim Callan approximates using hybrid digital certificates to being bilingual. Basically, if you speak English and French, and the person you\u2019re communicating with does as well, then you could choose to communicate using either language. Likewise, if you\u2019re bilingual and you\u2019re speaking with someone who only speaks English or only speaks French, you can still communicate with them as well just as efficiently.<\/p>\n\n\n\n<p>Grau describes it with the analogy of changing the lock on the front door of a boarding house that has multiple residents. If only one of those residents is there to receive the new stronger and more secure key (quantum safe crypto algorithm), they\u2019d be able to use the front door. But if others aren\u2019t there when the lock is swapped out, then they\u2019d still have to use the back door and the less secure key (traditional crypto algorithm).<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><em>\u201c[\u2026] so as people access the house and you give them the new key, they start using the new front door lock with the new key that\u2019s stronger and more secure. But even as people trail in through the back door, you can start to see who still needs to be updated. But you\u2019ve got a period of time when both the old key and the new key can be utilized.\u201d<\/em><\/p><\/blockquote>\n\n\n\n<p>It\u2019s much the same with the hybrid certificate. So, no matter whether your users\u2019 clients are using quantum systems or non-updated ones, authentication will still be possible without issues or disruptions. Basically, you can serve both audiences without any delays or interruptions until you can eventually make the full switch to quantum-safe algorithms only.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"481\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/traditional-vs-hybrid-digital-certificate-1024x481.png\" alt=\"A comparative graphic showcasing the difference between a traditional digital certificate &amp; a quantum-safe certificate together vs a hybrid digital certificate\" class=\"wp-image-1475 addshadow\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/traditional-vs-hybrid-digital-certificate-1024x481.png 1024w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/traditional-vs-hybrid-digital-certificate-300x141.png 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/traditional-vs-hybrid-digital-certificate-560x263.png 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/traditional-vs-hybrid-digital-certificate-940x442.png 940w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/traditional-vs-hybrid-digital-certificate.png 1534w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Image source: Sectigo\u2019s <a href=\"https:\/\/sectigo.com\/quantum-labs\" target=\"_blank\" rel=\"noreferrer noopener\">Quantum Labs<\/a><\/figcaption><\/figure><\/div>\n\n\n\n<p>Of course, this type of transition won\u2019t happen overnight. From a global perspective, it\u2019ll take years \u2014 \u201ca decade or more,\u201d according to Grau. It would also likely take individual enterprises several years as well depending on their size, capabilities, and the number of internal and third-party systems that are involved. &nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How a Hybrid TLS Certificate Factors Into Establishing Secure Connections<\/h2>\n\n\n\n<p>When you connect to a web server via your browser using modern cryptosystems and TLS certificates, there\u2019s a process that takes place known as a TLS handshake. Part of this process involves a negotiation that helps to determine which encryption algorithm (such as RSA, ECC, etc.) will be used to communicate between the parties.<\/p>\n\n\n\n<p>As Grau explains:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><em>\u201c[\u2026] most web servers will support some different options so they can support different versions of clients that support, perhaps, slightly different versions of TLS or keys. So, that sort of negotiation goes on today, but in a very narrow band of known encryption algorithms.\u201d<\/em><\/p><\/blockquote>\n\n\n\n<p>With post quantum cryptography, the idea here is very similar. The exception, though, is that as you upgrade your systems to use the new quantum safe crypto algorithms and if you have hybrid certificates in place. Then, the idea here is that those new PQC algorithms will be put to use as they can be instead of RSA or ECC.<\/p>\n\n\n\n<p>\u201cThe work has to happen on all of those systems. We\u2019re not going to turn on the switch and one day we\u2019re at RSA and the next everything\u2019s on post quantum encryption.\u201d&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">So, Just What Is a Quantum Safe Algorithm?<\/h2>\n\n\n\n<p>That\u2019s a great question. The National Institute of Standards and Technology (NIST) is still working to define those algorithms. NIST began the process in 2017 with 69 potential algorithms to choose from that met specific criteria. As of July 2020, they\u2019ve narrowed a list down to just 15 algorithms that made it through <a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/nistir\/8309\/final\" target=\"_blank\" rel=\"noreferrer noopener\">NIST\u2019s PQC standardization process<\/a> (so far). The list of algorithms include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Four third-round finalists for public key encryption and key-establishment algorithms: <strong>Classic McEliece<\/strong>, <strong>CRYSTALS-KYBER<\/strong>, <strong>NTRU<\/strong>, and <strong>SABER<\/strong>.<\/li><li>Three third-round finalists for digital signatures: <strong>CRYSTALS-DILITHIUM<\/strong>, <strong>FALCON<\/strong>, and <strong>Rainbow<\/strong>.<\/li><li>Eight third-round alternate candidate algorithms: <strong>Bike<\/strong>, <strong>FrodoKEM<\/strong>, <strong>HQC<\/strong>, <strong>NTRU Prime<\/strong>, <strong>SIKE<\/strong>, <strong>GeMSS<\/strong>, <strong>Picnic<\/strong>, and <strong>SPHINCS+<\/strong>.<\/li><\/ul>\n\n\n\n<p>So, why aren\u2019t they narrowing it down to just one algorithm? Part of that is likely because they\u2019d want to have different algorithms for different use cases and to allow for general cryptographic redundancy. After all, you wouldn\u2019t want to just narrowly focus on only one tool in case it doesn\u2019t work out \u2014 it\u2019s best to have a few options.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why Crypto Agility Is So Important to a Post Quantum World<\/h3>\n\n\n\n<p>Soroko cautions that assuming that NIST\u2019s final selection will be set in stone is a mistake. This is because NIST has indicated interest in a lattice approach because of the strength of the algorithm, its factorability, and its reasonable key sizes. However, Soroko says that there are other approaches that could be optimized for various applications.<\/p>\n\n\n\n<p>This is why being crypto-agile is crucial as businesses transition to quantum-safe environments. As standards change over time and algorithms deprecate, having tools that offer crypto agility helps to keep you from being caught unprepared.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><em>\u201cOne of the things we may end up finding is that there\u2019s an ah-ha moment \u2014 or, more than likely, an uh-oh moment \u2014 which is where cryptographic agility is something we\u2019re going to need long term.\u201d<\/em>  \u2014 Jason Soroko<\/p><\/blockquote>\n\n\n\n<p>These hybrid certificates will afford your organization the cryptographic agility you\u2019ll need to move to PQC algorithms down the road when it becomes necessary. However, an added bonus is that they\u2019ll also enable you to switch between RSA and ECC connections in the meantime as well when necessary. &nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Challenges of Preparing Your Business or Enterprise to Be Quantum Safe<\/h2>\n\n\n\n<p>As you can imagine, preparing your business and IT infrastructure for the coming quantum transformation is going to be a lot of work. For proper implementation, these changes will essentially touch everything within your IT ecosystem.<\/p>\n\n\n\n<p>Guest speaker Alan Grau provides an overview of some of the changes you\u2019ll need to make:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><em>\u201cWhen you look at migrating your PKI systems from existing traditional algorithms to quantum safe algorithms, that really is a huge undertaking because there\u2019s a number of steps that have to happen. You need to upgrade the PKI system, you need to upgrade the servers, you need to upgrade the clients.\u201d<\/em><\/p><\/blockquote>\n\n\n\n<p>When it comes to preparing for quantum-safe code signing, you\u2019ll also need to upgrade the signing application and the validation applications.<\/p>\n\n\n\n<p>You\u2019ll have to ensure that your internal and external third-party systems are all brought up to speed to be quantum safe.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What Makes This Type of Upgrade Difficult At Scale<\/h3>\n\n\n\n<p>RSA encryption has been the go-to for encryption for decades, and ECC has been picking up traction over time as well. However, once quantum cryptography becomes commercialized, it means that everything we as an industry currently have in place will become legacy and outdated systems.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><em>\u201cIf you were making a system, you could just safely assume that the presence of RSA would be there. So, everything we have \u2014 every piece of software, every piece of firmware, every piece of hardware, every service in the global economy \u2014 is built on that compatibility.\u201d <\/em>\u2014 Tim Callahan<\/p><\/blockquote>\n\n\n\n<p>But what happens when RSA or ECC become vulnerable because of QC? Grau drives home the point that it\u2019s not just the client and server applications need to be upgraded with new crypto algorithms \u2014 it\u2019s the entire crypto structure. But, as you can imagine, these types of sweeping changes take resources \u2014 time, labor, and money. This is especially the case for enterprises that have to make these changes at scale.<\/p>\n\n\n\n<p>And, often times, Callahan says, this means that companies will be doing it piecemeal to make the transition process less resource intensive. As a result, some of these new quantum-safe systems will have to coexist with legacy systems in the meantime \u2014 and this is why there\u2019s a need for hybrid TLS certificates.<\/p>\n\n\n\n<p>Of course, these hybrid certificates don\u2019t mean that your IT and network guys can kick back and relax. Within your own organization, your sys admins will still need to monitor their systems and networks to stay abreast of which users and applications are using outdated algorithms and certificates. This way, they know what still needs to be upgraded before your organization fully transitions to being quantum safe. &nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why Quantum Cryptography Is a Concern for Data Security<\/h2>\n\n\n\n<p>The concept of quantum computing and the concerns that stem from quantum cryptography aren\u2019t all that new. The concept of quantum computing has been around for decades after it first came onto the scene in the 80s. However, it wasn\u2019t until the mid-90s that concerns about its impact on cryptography really started to take hold. That\u2019s when <a href=\"https:\/\/www.ncbi.nlm.nih.gov\/books\/NBK538701\/\">mathematician Peter Shor developed a quantum algorithm<\/a> (Shor\u2019s Algorithm) that could solve the factoring problem of large integers.&nbsp;&nbsp;<\/p>\n\n\n\n<p>This highlighted the concern that our existing public key cryptographic tools could be vulnerable to quantum computer-based attacks. And considering that digital information around the world is widely protected using public key cryptography, that\u2019s a very real concern.&nbsp;<\/p>\n\n\n\n<p>Now, of course, the good news is that quantum computing isn\u2019t going to rolling out tomorrow. So, it\u2019s not an immediate threat. However, quantum computing <em>is<\/em> on the horizon and is something that every business must start preparing for.<\/p>\n\n\n\n<p>But what happens to your secure connections once quantum computing does go commercial? If you\u2019re using a hybrid digital certificate that supports both quantum-safe algorithms and vulnerable algorithms like RSA and ECC, does it somehow leave you vulnerable? Not if you\u2019re using PQC algorithms for your connections.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What the Transition Will Look Like as We Move to PQC Systems Globally<\/h2>\n\n\n\n<p>As with any big change, the move to using post quantum cryptography in the global ecosystem is going to take time and requires a period of adjustment. And the idea is that hybrid certificates can help to serve as a go-between for the PQC systems and those using vulnerable algorithms until everyone gets their systems and applications up to speed.<\/p>\n\n\n\n<p>According to Grau, hybrid certificates are a means to an end but aren\u2019t the end goal themselves:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><em>\u201cThe transition period really is designed as a transition period. Any connections that are using the old encryption algorithms no longer are going to be secure once quantum computers have hit that point that they can crack these encryption algorithms. So, once things are switched over, it\u2019s really critical that we deprecate the ECC and RSA roots and switch them over to pure quantum safe certificates.\u201d<\/em><\/p><\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">Get to Know the Podcast Hosts and Guest Speaker<\/h2>\n\n\n\n<p>Sectigo\u2019s Senior Fellow Tim Callan and CTO of PKI Jason Soroko host the podcast, which features Alan Grau, VP of IoT and Embedded Solutions.<\/p>\n\n\n\n<p><a href=\"https:\/\/sectigo.com\/contributors\/tim-callan\" target=\"_blank\" rel=\"noreferrer noopener\">Tim Callan<\/a> is a fount of knowledge when it comes to PKI and SSL technologies. He has more than 20 years of experience in strategy marketing for SaaS and B2B software companies.<\/p>\n\n\n\n<p><a href=\"https:\/\/sectigo.com\/contributors\/jason-soroko\" target=\"_blank\" rel=\"noreferrer noopener\">Jason Soroko<\/a> is a security technology innovator who has served as an architect and developer of complex data structures and GIS technologies. His areas of expertise include climate statistics and spatial mathematics.<\/p>\n\n\n\n<p><a href=\"https:\/\/sectigo.com\/contributors\/alan-grau\" target=\"_blank\" rel=\"noreferrer noopener\">Alan Grau<\/a> joined the team when his company, Icon Labs, was acquired by Sectigo in May 2019. He\u2019s involves with Sectigo\u2019s Quantum Labs initiatives and has 30 years of experience in telecommunications and the embedded software marketplace.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Final Thoughts on Hybrid Certificates<\/h2>\n\n\n\n<p>Hybrid digital certificates are all about making you crypto agile. It\u2019s what will allow clients using upgraded systems to connect using the highest level of security without leaving any of your customers out in the cold. This way, you can serve customers who are using PQC-enabled clients while still serving those whose clients don\u2019t yet support PQC.<\/p>\n\n\n\n<p>Want to hear more? Tune in to <a href=\"https:\/\/sectigo.com\/resource-library\/root-causes-118-quantum-apocalypse-what-is-a-hybrid-certificate\" target=\"_blank\" rel=\"noreferrer noopener\">listen to the full podcast<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sectigo\u2019s Tim Callan, Jason Soroko and Alan Grau break down what quantum safe hybrid TLS certificates are and how they can help to prepare businesses for quantum-safe cryptography in Sectigo\u2019s&#8230;<\/p>\n","protected":false},"author":8,"featured_media":1477,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[124,123,125],"class_list":["post-1472","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-hybrid-digital-certificate","tag-hybrid-tls-certificate","tag-quantum-cryptography","post-with-tags"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What Is a Quantum-Safe Hybrid Digital Certificate? - InfoSec Insights<\/title>\n<meta name=\"description\" content=\"Although quantum computing is still years away, hybrid digital certificates will help your company&#039;s transition to post quantum cryptography.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Is a Quantum-Safe Hybrid Digital Certificate? - InfoSec Insights\" \/>\n<meta property=\"og:description\" content=\"Although quantum computing is still years away, hybrid digital certificates will help your company&#039;s transition to post quantum cryptography.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/\" \/>\n<meta property=\"og:site_name\" content=\"InfoSec Insights\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-08T17:14:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-12-11T12:24:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/quantum-hybrid-digital-certificate.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Casey Crane\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Casey Crane\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-quantum-safe-hybrid-digital-certificate\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-quantum-safe-hybrid-digital-certificate\\\/\"},\"author\":{\"name\":\"Casey Crane\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/559abd5fa4d9d651eaf18d9b9e91a64c\"},\"headline\":\"What Is a Quantum-Safe Hybrid Digital Certificate?\",\"datePublished\":\"2020-12-08T17:14:01+00:00\",\"dateModified\":\"2020-12-11T12:24:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-quantum-safe-hybrid-digital-certificate\\\/\"},\"wordCount\":2712,\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-quantum-safe-hybrid-digital-certificate\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/quantum-hybrid-digital-certificate.jpg\",\"keywords\":[\"hybrid digital certificate\",\"hybrid tls certificate\",\"quantum cryptography\"],\"articleSection\":[\"Cyber Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-quantum-safe-hybrid-digital-certificate\\\/\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-quantum-safe-hybrid-digital-certificate\\\/\",\"name\":\"What Is a Quantum-Safe Hybrid Digital Certificate? - InfoSec Insights\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-quantum-safe-hybrid-digital-certificate\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-quantum-safe-hybrid-digital-certificate\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/quantum-hybrid-digital-certificate.jpg\",\"datePublished\":\"2020-12-08T17:14:01+00:00\",\"dateModified\":\"2020-12-11T12:24:17+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/559abd5fa4d9d651eaf18d9b9e91a64c\"},\"description\":\"Although quantum computing is still years away, hybrid digital certificates will help your company's transition to post quantum cryptography.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-quantum-safe-hybrid-digital-certificate\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-quantum-safe-hybrid-digital-certificate\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-quantum-safe-hybrid-digital-certificate\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/quantum-hybrid-digital-certificate.jpg\",\"contentUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/quantum-hybrid-digital-certificate.jpg\",\"width\":1600,\"height\":1000,\"caption\":\"Digital binary code concept.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-quantum-safe-hybrid-digital-certificate\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is a Quantum-Safe Hybrid Digital Certificate?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\",\"name\":\"InfoSec Insights\",\"description\":\"SectigoStore.com Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/559abd5fa4d9d651eaf18d9b9e91a64c\",\"name\":\"Casey Crane\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c18d819d34a1995e91a4aa7518e9048df7856f336a1ede2262a572db7b1c2506?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c18d819d34a1995e91a4aa7518e9048df7856f336a1ede2262a572db7b1c2506?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c18d819d34a1995e91a4aa7518e9048df7856f336a1ede2262a572db7b1c2506?s=96&d=mm&r=g\",\"caption\":\"Casey Crane\"},\"description\":\"Casey is a writer and editor with a background in journalism, marketing, PR and communications. She has written about cyber security and information technology for several industry publications, including InfoSec Insights, Hashed Out, Experfy, HackerNoon, and Cybercrime Magazine.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Is a Quantum-Safe Hybrid Digital Certificate? - InfoSec Insights","description":"Although quantum computing is still years away, hybrid digital certificates will help your company's transition to post quantum cryptography.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/","og_locale":"en_US","og_type":"article","og_title":"What Is a Quantum-Safe Hybrid Digital Certificate? - InfoSec Insights","og_description":"Although quantum computing is still years away, hybrid digital certificates will help your company's transition to post quantum cryptography.","og_url":"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/","og_site_name":"InfoSec Insights","article_published_time":"2020-12-08T17:14:01+00:00","article_modified_time":"2020-12-11T12:24:17+00:00","og_image":[{"width":1600,"height":1000,"url":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/quantum-hybrid-digital-certificate.jpg","type":"image\/jpeg"}],"author":"Casey Crane","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Casey Crane","Est. reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/#article","isPartOf":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/"},"author":{"name":"Casey Crane","@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/559abd5fa4d9d651eaf18d9b9e91a64c"},"headline":"What Is a Quantum-Safe Hybrid Digital Certificate?","datePublished":"2020-12-08T17:14:01+00:00","dateModified":"2020-12-11T12:24:17+00:00","mainEntityOfPage":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/"},"wordCount":2712,"image":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/#primaryimage"},"thumbnailUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/quantum-hybrid-digital-certificate.jpg","keywords":["hybrid digital certificate","hybrid tls certificate","quantum cryptography"],"articleSection":["Cyber Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/","url":"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/","name":"What Is a Quantum-Safe Hybrid Digital Certificate? - InfoSec Insights","isPartOf":{"@id":"https:\/\/sectigostore.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/#primaryimage"},"image":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/#primaryimage"},"thumbnailUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/quantum-hybrid-digital-certificate.jpg","datePublished":"2020-12-08T17:14:01+00:00","dateModified":"2020-12-11T12:24:17+00:00","author":{"@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/559abd5fa4d9d651eaf18d9b9e91a64c"},"description":"Although quantum computing is still years away, hybrid digital certificates will help your company's transition to post quantum cryptography.","breadcrumb":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/#primaryimage","url":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/quantum-hybrid-digital-certificate.jpg","contentUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/09\/quantum-hybrid-digital-certificate.jpg","width":1600,"height":1000,"caption":"Digital binary code concept."},{"@type":"BreadcrumbList","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-quantum-safe-hybrid-digital-certificate\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sectigostore.com\/blog\/"},{"@type":"ListItem","position":2,"name":"What Is a Quantum-Safe Hybrid Digital Certificate?"}]},{"@type":"WebSite","@id":"https:\/\/sectigostore.com\/blog\/#website","url":"https:\/\/sectigostore.com\/blog\/","name":"InfoSec Insights","description":"SectigoStore.com Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sectigostore.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/559abd5fa4d9d651eaf18d9b9e91a64c","name":"Casey Crane","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/c18d819d34a1995e91a4aa7518e9048df7856f336a1ede2262a572db7b1c2506?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/c18d819d34a1995e91a4aa7518e9048df7856f336a1ede2262a572db7b1c2506?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c18d819d34a1995e91a4aa7518e9048df7856f336a1ede2262a572db7b1c2506?s=96&d=mm&r=g","caption":"Casey Crane"},"description":"Casey is a writer and editor with a background in journalism, marketing, PR and communications. She has written about cyber security and information technology for several industry publications, including InfoSec Insights, Hashed Out, Experfy, HackerNoon, and Cybercrime Magazine."}]}},"_links":{"self":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/1472","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/comments?post=1472"}],"version-history":[{"count":3,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/1472\/revisions"}],"predecessor-version":[{"id":1482,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/1472\/revisions\/1482"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/media\/1477"}],"wp:attachment":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/media?parent=1472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/categories?post=1472"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/tags?post=1472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}