JiriOndrusek opened a new pull request, #494: URL: https://github.com/apache/camel-quarkus-examples/pull/494
fixes https://github.com/apache/camel-quarkus/issues/8509 Adds a new Camel Quarkus example demonstrating quantum-resistant TLS authentication using hybrid Chimera certificates (RSA + ML-DSA-65) on Java 17. Key features: - Hybrid certificates with classical RSA-2048 + post-quantum ML-DSA-65 (NIST FIPS 204) signatures - Custom X509TrustManager validates both signatures during TLS handshake - invalid or RSA-only certificates are rejected before application code executes - Java 17 compatible using BouncyCastle 1.83 PQC provider (application-level validation) - Comprehensive visual documentation explaining PQC architecture and three implementation approaches - Automated certificate generation with test coverage (JVM and native modes) Implementation details: - Uses X.509 standard extensions (OIDs 2.5.29.72-74) for alternative PQC signatures per ITU-T X.509 - Mutual TLS authentication (quarkus.http.ssl.client-auth=required) on /pqc/secure endpoint - Both RSA and ML-DSA-65 signatures must be valid for TLS connection to succeed - NIST-standardized ML-DSA-65 algorithm OID (2.16.840.1.101.3.4.3.18) This provides a production-ready migration path to quantum-safe authentication on Java 17 while maintaining backward compatibility with classical RSA systems. For Java 21+, native PQC TLS support with hybrid cipher suites is recommended instead. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
