QKDLite Manual
================================================================================

QKDLite by pQCee
--------------------------------------------------------------------------------
QKDLite, by pQCee, is a set of middleware modules that are designed for
businesses to connect easily and securely to Quantum Key Distribution (QKD)
infrastructures with minimal changes to the applications. It abstracts away the
protocol complexities for integrating with technical standards such as ETSI QKD
014, PKCS#11, RFC 8784, FIPS 197, and PCI-DSS to present a unified interface
that focuses on secure key generation and management. This is the administration
manual for QKDLite.

**Benefits of using QKDLite**

-  QKDLite adds the ability to cache QKD quantum keys in FIPS 140 certified
   permanent storage, such as a hardware security module (HSM). This minimises
   the downtime experienced by business applications, as they continue to have
   uninterrupted access to QKD quantum keys in the event of downtime in the
   QKD infrastructure.

-  QKDLite introduces the ability to segregate a key pool per business
   application, ensuring it can serve multiple applications simultaneously,
   while preventing any single application from depleting the QKD quantum keys
   allocated to others. In addition, key policies can be specified to cater to
   the unique key pool requirements of each application.

-  QKDLite improves high availability (HA) for business applications that
   request QKD quantum keys from the QKD infrastructure. QKDLite supports
   features such as graceful failover across QKD key management entities (KMEs)
   for the same QKD entity, and replication of QKD quantum keys to cold sites
   that do not have access to a QKD infrastructure.

-  QKDLite can function as a virtual QKD KME, enabling security appliances (such
   as virtual private network gateways) to request QKD quantum keys directly
   from QKDLite nodes via the QKD ETSI protocol. This allows seamless
   integration of QKDLite into existing infrastructure that has appliances
   already consuming quantum keys from QKD infrastructure.

-  QKDLite for Secure File Transfer is a web service, which can be enabled on
   QKDLite nodes, to allow senders to securely send files to others without the
   need to distribute secret keys. This is achieved when senders encrypt a file
   with a one-time-use QKD quantum encryption key via the web service, and
   recipients use the same web service to decrypt the file with a corresponding
   one-time-use QKD quantum decryption key.

-  QKDLite provides an additional layer of defence against quantum eavesdropping
   and quantum man-in-the-middle attacks against the QKD protocol (such as
   BB84). When business applications request QKD quantum keys via QKDLite,
   these keys are derived from the QKD key and a secret key stored in the HSM.
   As such, quantum attackers who are able to determine the QKD key will have
   minimal impact on the business applications receiving QKD quantum keys via
   QKDLite.

**Mentions of QKDLite**

-  `Quantum-safe Message Authentication for Industrial IOT using "QKDLite" with
   LPN <https://pqcee.github.io/QKDLite%20-%20Quantum-Safe%20IOT.pdf>`__

-  `Securing QKD-HSM connectivity by pQCee and Thales - Solution Brief
   <https://cpl.thalesgroup.com/resources/encryption/securing-qkd-hsm-connectivity-thales-pqcee-solution-brief>`__

-  `Making QKD-VPN setups resilient against disruptions
   <https://qcve.org/blog/making-qkd-vpn-setups-resilient-against-disruptions>`__

About pQCee
--------------------------------------------------------------------------------
pQCee.com is a quantum cybersecurity startup that designs and builds
post-quantum products and solutions to strengthen and protect the next
generation of computing against quantum attacks. Please contact info@pqcee.com
for more offerings. For more information, visit `QKDLite product
<https://www.pqcee.com/product/qkdlite>`__ or `pQCee <https://www.pqcee.com>`__.

Who is this manual for?
--------------------------------------------------------------------------------
This manual is for IT infrastructure system administrators who want to set up
and configure QKDLite in their organisation's IT infrastructure. This manual
assumes the organisation's IT infrastructure supports Linux Virtual Machines
(VMs).

|

.. toctree::
   :numbered:
   :caption: Table of Contents

   overview
   installation
   configuration
   feature_etsi_kme
   feature_file_transfer
   terms_and_definitions
   qkdlite_utility
   qkdlite_scripts
   rest_api
   troubleshoot