Spork 101 — Quantum Nexum

🏛️ Think of the DMV

The DMV verifies your identity and issues a license. A Certificate Authority (CA) does the same for websites — verifies ownership and issues a certificate.

🏛️

DMV

Checks your identity

Gives you a license

≈

🔒

CA

Checks a website's identity

Gives it a certificate

📄 What Does a Certificate Do?

Proves identity. Your browser checks the certificate and shows a padlock if it's valid.

💡 Everyday example

You visit your bank's website. Your browser asks: "Can you prove you are really this bank?" The bank shows its certificate. Your browser checks it and shows the padlock.

🔗 How Trust Works

Your browser ships with a list of trusted CAs. If the certificate was signed by a trusted CA, the browser accepts it. This system is called PKI (Public Key Infrastructure).

✅ You already use this every day. Every padlock in your browser means a CA checked the website and issued a certificate.

✍️ Certificates Use Signatures

A CA signs each certificate using math (RSA or ECDSA today). The signature proves the certificate is authentic and unmodified.

⚠️ That Math Will Break

Quantum computers can solve the math behind RSA and ECDSA efficiently. A broken signature means the certificate cannot be trusted.

⚠️ Root CA certificates are often valid for 20 years or more. A root CA signed with RSA today may still be in use when quantum computers arrive.

💡 New Math Exists

NIST published post-quantum standards in August 2024. CAs need to adopt them.

📚 See Forge 101 for a plain-English breakdown of the new algorithms.

🥄 CA Software

Spork is a certificate authority written in Rust. It issues, manages, and revokes certificates — the same services commercial CAs provide, in a single binary.