Enabling Post-Quantum Cryptographic Algorithms for Tectia SSH Server
Since version 4.2.0 of Key Manager, the included Tectia package can use post-quantum cryptographic (PQC) algorithms. If you are upgrading from an earlier version of Key Manager, your Tectia license needs to be updated. Contact support for a new Tectia license. You can activate PQC algorithms in the Tectia configuration file.
Note: If you use Windows or older Unix agents, you need to keep older algorithms active in the configuration.
To keep those agents working, make sure that the following legacy key exchange algorithm is enabled in the Tectia SSH Server configuration file:
<kex name="diffie-hellman-group1-sha1" />
Make sure that the authentication block for ssh-rsa is enabled in the Tectia SSH Server configuration file:
<hostkey-algorithm name="ssh-rsa" />
<auth-publickey
signature-algorithms="rsa-sha2-256,rsa-sha2-512,\
ssh-rsa-sha256@ssh.com,ssh-dss-sha256@ssh.com,\
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,\
x509v3-sign-dss-sha256@ssh.com,x509v3-sign-rsa-sha256@ssh.com,\
x509v3-rsa2048-sha256,x509v3-ecdsa-sha2-nistp256,\
x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,\
ssh-ed25519,rsa-sha2-256-cert-v01@openssh.com,\
rsa-sha2-512-cert-v01@openssh.com,\
ecdsa-sha2-nistp256-cert-v01@openssh.com,\
ecdsa-sha2-nistp521-cert-v01@openssh.com,\
ssh-ed25519-cert-v01@openssh.com,ssh-rsa" />
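One way to verify that the three compatibility entries above are active is to parse the configuration and match algorithm names exactly. The following is an added example, not part of the Tectia product or its documentation. It assumes the elements appear without XML namespaces, and the <server-config> wrapper and sample content are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample for this example. The <server-config> wrapper is a
# placeholder root element, not taken from the Tectia schema.
SAMPLE_CONFIG = r"""
<server-config>
  <kex name="diffie-hellman-group1-sha1" />
  <hostkey-algorithm name="ssh-rsa" />
  <auth-publickey
    signature-algorithms="rsa-sha2-256,ssh-rsa-sha256@ssh.com,\
      ssh-ed25519,ssh-rsa" />
</server-config>
"""

def split_algorithms(value):
    """Split a comma-separated list, ignoring backslash line wraps and whitespace."""
    cleaned = re.sub(r"[\\\s]+", "", value or "")
    return [name for name in cleaned.split(",") if name]

def check_legacy_compat(xml_text):
    """Return the compatibility entries from this page that are not active."""
    root = ET.fromstring(xml_text)  # XML comments are skipped by the parser
    missing = []
    if "diffie-hellman-group1-sha1" not in {e.get("name") for e in root.iter("kex")}:
        missing.append("kex: diffie-hellman-group1-sha1")
    if "ssh-rsa" not in {e.get("name") for e in root.iter("hostkey-algorithm")}:
        missing.append("hostkey-algorithm: ssh-rsa")
    # Exact token match: "ssh-rsa-sha256@ssh.com" must not count as "ssh-rsa".
    accepted = set()
    for block in root.iter("auth-publickey"):
        accepted.update(split_algorithms(block.get("signature-algorithms")))
    if "ssh-rsa" not in accepted:
        missing.append("auth-publickey signature-algorithms: ssh-rsa")
    return missing

if __name__ == "__main__":
    problems = check_legacy_compat(SAMPLE_CONFIG)
    print("OK" if not problems else "Missing: " + "; ".join(problems))
```

A plain text search for ssh-rsa would also match ssh-rsa-sha256@ssh.com and commented-out elements, which is why the check parses the XML and compares whole names.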