Enabling Post-Quantum Cryptography

You can enable post-quantum cryptography (PQC) for encrypted network tunnels, providing resistance against attacks from quantum computers.

Note

  • Post-quantum cryptography can be enabled only when setting up a new CommCell environment. It cannot be enabled on an existing CommCell environment in which the CommServe computer is already installed.

  • Post-quantum cryptography is supported for CommCell environments using CPR 2024E (11.36) or later.

  • For CPR 2024E (11.36), post-quantum cryptography is supported only for all-in-one setups (that is, the CommServe server, the Web Server, and the Command Center must all reside on the same computer).

  • Post-quantum cryptography does not work in multi-CommCell environments.

Before You Begin

On Windows computers only, do the following:

  1. Set the registry values MaxRequestBytes and MaxFieldLength (both DWORD) under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters to a value of 30720 in hexadecimal (30 KB).

  2. Reboot the computer.
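
A post-reboot check for the two HTTP.sys values from step 1, added here as an example and not part of the vendor's documentation. It assumes the target is the 30 KB size that step states; the function name Test-HttpSysHeaderLimit is hypothetical.

```powershell
# Added example: audits the two HTTP.sys values named in "Before You Begin".
$Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$Names = 'MaxRequestBytes', 'MaxFieldLength'
# Assumption: the target is the 30 KB size stated in step 1 (30 * 1024 bytes).
$ExpectedBytes = 30 * 1024

function Test-HttpSysHeaderLimit {
    param([string]$Path, [string[]]$Names, [int]$ExpectedBytes)

    # A missing key yields $null instead of a terminating error.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    foreach ($name in $Names) {
        $present = $null -ne $key -and ($key.GetValueNames() -contains $name)
        $kind    = if ($present) { $key.GetValueKind($name) } else { $null }
        $value   = if ($present) { $key.GetValue($name) } else { $null }
        $isDword = $present -and $kind -eq 'DWord'
        [pscustomobject]@{
            Name    = $name
            Present = $present
            Kind    = $kind          # a REG_SZ value with the right digits is still wrong
            Decimal = $value
            Hex     = if ($isDword) { '0x{0:X}' -f $value } else { $null }
            Ok      = $isDword -and $value -eq $ExpectedBytes
        }
    }
}

$result = Test-HttpSysHeaderLimit -Path $Path -Names $Names -ExpectedBytes $ExpectedBytes
$result | Format-Table -AutoSize
if ($result.Ok -contains $false) {
    Write-Warning "HTTP.sys header limits are not both DWORD values of $ExpectedBytes bytes."
}
```

The table shows each stored value in both decimal and hexadecimal, which makes a value typed into the wrong base in the registry editor easy to spot.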

Procedure

  1. Install the CommServe computer.

  2. On all computers on which PQC needs to be enabled, set the following registry keys under Session:

    Note

    You can either set the keys at the individual server level, or create a server group and then set the keys at the server group level.

    • Keyname = sPostQuantumCerts Value = dilithium3

    • Keyname = sPostQuantumKEM Value = kyber1024

  3. Restart services on the CommServe computer. This will auto-renew the certificate authority (CA) and generate a new CommServe computer client certificate.

  4. While installing clients, ensure the Enable PQC mode in CommServe checkbox is selected.
