Vault 101
Encryption and certificates explained
🔐 Secret Messages
Imagine you write a note to a friend. You scramble the letters so nobody else can read it. Your friend knows how to unscramble it. That is encryption.
Computers do the same thing. When you send a password or a credit card number, your computer scrambles it first. The website on the other end unscrambles it.
password123
a7xK9mQ2...
🔑 Keys Make It Work
To scramble and unscramble a message, you need a key. A key is just a long number. Only the right key can unlock the message.
There are two kinds of keys:
- Public key — Anyone can use this to lock a message. Think of it as a mailbox slot. Anyone can drop a letter in.
- Private key — Only the owner has this. It opens the mailbox. Only they can read the letters inside.
📄 A Digital ID Card
Encryption protects your data, but how do you know who you are talking to? That is what a certificate does.
A certificate is like an ID card for a website. It says: "I am really this website, and here is my public key."
✍️ Signatures Prove It Is Real
Anyone could make a fake ID card. So certificates need a stamp of approval. That stamp is called a digital signature.
A signature uses math to prove two things:
- Who made it — The signature links the certificate to a trusted organization.
- Nobody changed it — If anyone edits the certificate, the signature breaks.
🔗 Who Signs the Certificates?
A Certificate Authority (CA) signs them. A CA is a trusted organization that checks website owners and issues certificates. Your browser has a built-in list of CAs it trusts.
⚠️ Today's Math Will Break
Encryption uses math problems that are hard to solve. Today's computers would need billions of years to crack them.
Quantum computers are different. They solve certain math problems much faster. The math behind today's encryption is exactly the kind they are good at.
💡 New Math Already Exists
NIST (the U.S. standards agency) found new math that quantum computers cannot break. They published the final standards in August 2024. The transition has already begun.
📋 What Needs to Change
- Encryption keys — New key types that quantum computers cannot crack.
- Signatures — New signature math for certificates and documents.
- Certificates — CAs need to issue certificates using the new math.
🚀 Explore Quantum Nexum
The full reference library. Algorithms, standards, and specifications.
Interactive tools. Generate keys, test connections, compare algorithms.
Quantum-safe CA software. Issue and manage certificates with new math.
Browse the live PKI infrastructure powered by post-quantum algorithms.