QKDLite Manual
QKDLite by pQCee
QKDLite, by pQCee, is a set of middleware modules that let businesses connect easily and securely to Quantum Key Distribution (QKD) infrastructure with minimal changes to their applications. It abstracts away the protocol complexities of integrating with technical standards such as ETSI QKD 014, PKCS#11, RFC 8784, FIPS 197 and PCI-DSS, presenting a unified interface focused on secure key generation and management. This is the administration manual for QKDLite.
Benefits of using QKDLite
QKDLite can cache QKD quantum keys in FIPS 140 certified persistent storage, such as a hardware security module (HSM). This minimises the downtime experienced by business applications: they keep uninterrupted access to QKD quantum keys from the cached pool during an outage of the QKD infrastructure.
QKDLite can segregate a key pool per business application, so that it serves multiple applications simultaneously while preventing any single application from depleting the QKD quantum keys allocated to others. Key policies can also be specified to meet the particular key pool requirements of each application.
QKDLite improves the high availability (HA) of QKD quantum key delivery to business applications. It can fail over gracefully across the QKD key management entities (KMEs) of the same QKD entity, and it can replicate QKD quantum keys to cold sites that have no access to a QKD infrastructure.
QKDLite can act as a virtual QKD KME, so that security appliances (such as virtual private network gateways) request QKD quantum keys directly from QKDLite nodes over the ETSI QKD protocol. This lets QKDLite slot into existing infrastructure whose appliances already consume quantum keys from a QKD infrastructure.
QKDLite for Secure File Transfer is a web service that can be enabled on QKDLite nodes to let senders deliver files securely to recipients without distributing secret keys. The sender encrypts a file through the web service with a one-time-use QKD quantum encryption key, and the recipient uses the same web service to decrypt it with the corresponding one-time-use QKD quantum decryption key.
QKDLite adds a layer of defence against quantum eavesdropping and quantum man-in-the-middle attacks on the QKD protocol itself (such as BB84). The QKD quantum keys that business applications receive via QKDLite are derived from the QKD key and a secret key held in the HSM, so an attacker who recovers the QKD key alone gains little: the application key stays protected as long as the HSM secret is not also compromised.
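As an added example, not QKDLite's own code (this page does not specify the derivation function it uses), the following Python models the defence just described: the application key is HKDF-SHA256 over the raw QKD key with the HSM-held secret as salt, bound to the ETSI key_ID and the consuming application, plus a key-confirmation tag that lets two sites check they derived the same key before using it. The input layout, the labels and all sample values are constructed assumptions.

```python
"""Added example: application key = HKDF(QKD key, HSM secret), with a key-confirmation check.

Constructed demo values; not QKDLite's own code or derivation function.
"""
import hashlib
import hmac

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step, producing `length` bytes of output keying material."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_app_key(qkd_key: bytes, hsm_secret: bytes, key_id: str, app_id: str,
                   length: int = 32) -> bytes:
    """Mix the raw QKD key with the HSM-held secret and bind the result to the
    ETSI key_ID and the consuming application (hypothetical input layout)."""
    prk = hkdf_extract(hsm_secret, qkd_key)           # salt = HSM secret, IKM = QKD key
    info = b"qkdlite-demo/app-key|" + app_id.encode() + b"|" + key_id.encode()
    return hkdf_expand(prk, info, length)


def confirmation_tag(app_key: bytes, key_id: str) -> bytes:
    """Tag each side can exchange to check it derived the same key; reveals nothing about app_key."""
    return hmac.new(app_key, b"qkdlite-demo/confirm|" + key_id.encode(), HASH).digest()


def same_key(tag_a: bytes, tag_b: bytes) -> bool:
    """Constant-time comparison of two confirmation tags."""
    return hmac.compare_digest(tag_a, tag_b)


# Constructed sample inputs (not real key material).
QKD_KEY = bytes.fromhex("3c8d2b1f5a9e7c0d4b6f8a1e2c3d4f5061728394a5b6c7d8e9f0a1b2c3d4e5f6")
HSM_SECRET = bytes.fromhex("9f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0")
WRONG_HSM_SECRET = bytes(31) + b"\x01"          # a cold site provisioned with the wrong secret
KEY_ID = "0f1e2d3c-4b5a-4697-8796-a5b4c3d2e1f0"  # constructed ETSI-style key_ID
APP_ID = "vpn-gateway-01"


def scenario() -> dict:
    """Derive the application key at two sites, an eavesdropper and a misprovisioned cold site."""
    site_a = derive_app_key(QKD_KEY, HSM_SECRET, KEY_ID, APP_ID)
    site_b = derive_app_key(QKD_KEY, HSM_SECRET, KEY_ID, APP_ID)
    # Eve recovered the QKD key from the quantum channel but holds no HSM secret.
    eve = derive_app_key(QKD_KEY, b"", KEY_ID, APP_ID)
    # A cold site whose HSM holds a different secret derives a different key.
    cold_site = derive_app_key(QKD_KEY, WRONG_HSM_SECRET, KEY_ID, APP_ID)
    # Same QKD key and HSM secret, different application: domain separation via app_id.
    other_app = derive_app_key(QKD_KEY, HSM_SECRET, KEY_ID, "file-transfer")
    tag_a = confirmation_tag(site_a, KEY_ID)
    return {
        "site_a": site_a, "site_b": site_b, "eve": eve,
        "cold_site": cold_site, "other_app": other_app,
        "a_b_agree": same_key(tag_a, confirmation_tag(site_b, KEY_ID)),
        "a_cold_agree": same_key(tag_a, confirmation_tag(cold_site, KEY_ID)),
    }


if __name__ == "__main__":
    r = scenario()
    print("site A   :", r["site_a"].hex())
    print("site B   :", r["site_b"].hex(), "agree:", r["a_b_agree"])
    print("Eve      :", r["eve"].hex())
    print("cold site:", r["cold_site"].hex(), "agree:", r["a_cold_agree"])
```

The two failure cases are the ones worth checking in a deployment: an eavesdropper holding only the QKD key, or a cold site whose HSM was provisioned with a different secret, derives a different application key. The trade-off is that both sites must hold the same HSM secret, provisioned out of band, and the derived key is only as strong as whichever of the two inputs the attacker lacks. Exchanging confirmation tags before use turns an HSM mismatch into a clean failure rather than undecryptable traffic.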
About pQCee
pQCee.com is a quantum cybersecurity startup that designs and builds post-quantum products and solutions to strengthen and protect the next generation of computing against quantum attacks. Contact info@pqcee.com for other offerings. For more information, visit the QKDLite product page or pQCee.
Who is this manual for?
This manual is for IT infrastructure system administrators who want to set up and configure QKDLite in their organisation's IT infrastructure. It assumes that the organisation's infrastructure can host Linux virtual machines (VMs).
Table of Contents
- 1. Overview
- 2. Installation
- 3. Configuration
- 4. QKDLite KME - ETSI Protocol
- 5. QKDLite for Secure File Transfer
- 6. API Terms and Definitions
- 7. QKDLite Utility API Reference
- 8. QKDLite Scripts API Reference
- 9. REST APIs
- 10. Troubleshooting Guide