Find quantum-vulnerable certificate exposure
PostQ analyzes the certificate chain presented by your domain — public-key algorithm, signature algorithm, issuer, and expiry — and tells you which parts are quantum-vulnerable and what to plan for.
No signup required for the basic TLS scan. We only inspect public metadata.
- Detects RSA and ECDSA certificate public keys
- Identifies the certificate signature algorithm
- Shows the full chain with issuer and expiry
- Flags long-lived certificates that slow crypto-agility
Two algorithms, two timelines
A certificate has a public-key algorithm (it proves server identity) and a signature algorithm (how the CA vouches for it). Both can be quantum-vulnerable, and they migrate on different timelines — your CA controls the signature, you control the key.
What the certificate scan reports
- Leaf and intermediate public-key algorithms (e.g. RSA-2048, ECDSA P-256)
- Certificate signature algorithm (e.g. sha256WithRSAEncryption)
- Issuer, validity window, and days to expiry
- SHA-256 fingerprint for each certificate in the chain
Planning certificate migration
Add quantum-vulnerable certificate keys to your inventory and tag them for ML-DSA migration as CAs and clients add post-quantum support. Shorter certificate lifetimes make the eventual swap easier.
Algorithms that need a migration plan
| RSA | Integer factorisation — broken by Shor's algorithm. |
| ECDSA | Elliptic-curve discrete log — broken by Shor's algorithm. |
| DH | Finite-field Diffie-Hellman — quantum-vulnerable key exchange. |
| ECDH | Elliptic-curve Diffie-Hellman — quantum-vulnerable key exchange. |
| X25519 | Modern ECDH curve, still classical and quantum-vulnerable. |
| Ed25519 | Modern EdDSA signature, still classical and quantum-vulnerable. |
| RS256 | JWT RSA-SHA256 signature — quantum-vulnerable public-key signature. |
| ES256 | JWT ECDSA-P256 signature — quantum-vulnerable public-key signature. |
NIST-standardised replacements
| ML-KEM (FIPS 203) | Key encapsulation / key exchange (formerly Kyber). |
| ML-DSA (FIPS 204) | Digital signatures (formerly Dilithium). |
| SLH-DSA (FIPS 205) | Stateless hash-based signatures (formerly SPHINCS+). |
PostQ detects where quantum-vulnerable algorithms are used and reports them. We don’t claim a target algorithm is supported in your stack unless detection confirms it.
Frequently asked questions
Are RSA certificates quantum vulnerable?
Yes. RSA security relies on the difficulty of factoring large integers, which Shor's algorithm can solve efficiently on a cryptographically relevant quantum computer. RSA certificate keys and RSA signatures are both quantum-vulnerable.
Is ECDSA quantum vulnerable?
Yes. ECDSA relies on the elliptic-curve discrete logarithm problem, which is also broken by Shor's algorithm. ECDSA certificates are quantum-vulnerable despite being modern and efficient.
What replaces quantum-vulnerable certificate algorithms?
NIST's ML-DSA (FIPS 204) is the standardized signature replacement, with SLH-DSA (FIPS 205) as a hash-based alternative. Migration depends on CA and client support, so PostQ focuses on inventory and readiness today.
How long until I need to migrate certificates?
Certificates are typically shorter-lived than the data they protect, so they're often migrated after key-exchange. Still, inventorying certificate algorithms now lets you plan rotations and pressure CAs for PQ support.
Run a free PQC readiness scan
Scan any public domain for quantum-vulnerable TLS, certificate, and key-exchange cryptography. No signup required.
No signup required for the basic TLS scan. We only inspect public metadata.