Khatim PKI Server supports Production-Grade PQC with HSM Integration

We’re excited to announce that Codegic has successfully tested and validated HSM integration in Khatim PKI Server, conforming to FIPS 204 and PKCS#11 v3.2. This marks a significant milestone for organizations looking to deploy Post-Quantum Cryptography (PQC) in real-world, production environments.

ML-DSA – From Lab to Production

Khatim PKI Server introduced support for the ML-DSA (MLDSA) algorithm in December 2024. However, that initial release relied on software-based key storage, making it better suited to lab and testing scenarios than to enterprise deployments. HSM integration changes that entirely. By anchoring cryptographic operations in hardware security modules, organizations can now trust Khatim PKI Server for fully production-grade PQC deployments.

With this release, enterprises can set up a PQC-grade PKI and issue and manage:

  • CA Certificates & CRLs

  • OCSP Responses

  • End Entity Certificates

All backed by the tamper-resistant security guarantees of HSM hardware.

Flexible Security Levels

Khatim PKI Server supports all three ML-DSA security levels, giving organizations the flexibility to match their security posture to their operational requirements:

  • Dilithium 2 (MLDSA-44) – NIST security level 2, optimized for performance

  • Dilithium 3 (MLDSA-65) – NIST security level 3, balanced security and efficiency

  • Dilithium 5 (MLDSA-87) – NIST security level 5, maximum security for the most sensitive deployments

Validated Against Industry-Standard Tools

Interoperability is critical for any PKI deployment. Khatim PKI Server’s PQC implementation has been successfully tested against third-party tools including OpenSSL, confirming that certificates and cryptographic operations work seamlessly within broader ecosystems. Organizations can integrate with confidence, knowing the implementation meets real-world compatibility requirements.

Getting Ahead of the Quantum Threat

Mainstream operating systems are still in the process of adopting post-quantum cryptographic standards. Codegic isn’t waiting. By delivering production-ready PQC support today, Khatim PKI Server gives organizations the tools to build quantum-resilient infrastructure now, before the threat becomes urgent.

The transition to quantum-safe cryptography is coming. The organizations that prepare early will be the ones that lead it.

Ready to Get Started?

Contact our team to request a trial version of Khatim PKI Server and experience its PQC capabilities firsthand.
