0 votes
ago by (170 points)

I'm using the FileServer component for SFTP transfers, and I'd like to support post-quantum key exchange to protect against harvest-now-decrypt-later attacks.

Could the mlkem768x25519-sha256 and sntrup761x25519-sha512 algorithms be included in a future update please?

1 Answer

+1 vote
ago by (76.5k points)
edited ago by

Post-quantum cryptography is currently one of our priorities. Actually, support for ML-KEM ciphers has already been added in the 8.0 release candidate 3 prerelease version, and can be enabled like this:

var server = new FileServer();
server.Settings.SshParameters.KeyExchangeAlgorithms |= 
    SshKeyExchangeAlgorithm.MLKem768 |
    SshKeyExchangeAlgorithm.MLKem1024;

This enables "mlkem768x25519-sha256", "mlkem768nistp256-sha256" and "mlkem1024nistp384-sha384", as long as the underlying .NET supports both ML-KEM and the elliptic algorithm.

However, please note that ML-KEM is supported natively on .NET 10 only. For other frameworks, a plugin is needed. The plugin is not publicly available yet, so if you want to try it now, please leave a comment here and I will provide a download link.

For now, we won't be adding support for "sntrup761x25519-sha512", mostly due to lack of support for this algorithm in .NET 10 and Windows. This might come with version 9.0 (via a plugin), but we'll be concentrating on adding ML-DSA support first.

ago by (170 points)
Thanks! Are the release candidates considered production-ready or should I wait for the GA release?
ago by (76.5k points)
Yes, the release candidates are production-ready. They are tested the same way as the GA release.
However, some features or APIs (especially new ones) may be changed in the GA release. Once we publish a GA version, we try hard not to change the API or existing functionality within a major version (e.g., within the current 7.0.xxxx version). API changes or functionality changes are reserved for new major versions - except for bugfixes, of course.
ago by (151k points)
To clarify: Only the latest release candidate is supported in production. Once the final 8.0 is published, release candidate users are expected to upgrade to 8.0.
ago by (151k points)
Additionally, I clarified that we are only going to support ML-KEM for now. NTRU support might come later.
...
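
Because the answer notes that the ML-KEM algorithms are only enabled when the underlying .NET supports them, it is worth confirming what the server actually advertises. The following is an added example, not Rebex code and not part of the original thread: it parses the kex_algorithms name-list from an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and separates the hybrid ML-KEM names quoted above from classical ones. Function names and the sample payloads are constructed for illustration.

```python
import struct

# Hybrid post-quantum key exchange names quoted in the answer above.
PQ_KEX = {
    "mlkem768x25519-sha256",
    "mlkem768nistp256-sha256",
    "mlkem1024nistp384-sha384",
}
SSH_MSG_KEXINIT = 20


def parse_kex_algorithms(payload: bytes) -> list[str]:
    """Return the kex_algorithms name-list from an SSH_MSG_KEXINIT payload."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    # Layout: type byte, 16-byte cookie, then uint32-prefixed name-lists.
    (length,) = struct.unpack_from(">I", payload, 17)
    end = 21 + length
    if end > len(payload):
        raise ValueError("truncated kex_algorithms name-list")
    names = payload[21:end].decode("ascii")
    return names.split(",") if names else []


def audit_kex(payload: bytes) -> dict:
    """Split the offered key exchanges into PQ-hybrid and classical-only."""
    offered = parse_kex_algorithms(payload)
    # Extension markers such as ext-info-s are not key exchange methods.
    real = [n for n in offered if not n.startswith(("ext-info-", "kex-strict-"))]
    return {
        "pq": [n for n in real if n in PQ_KEX],
        "classical": [n for n in real if n not in PQ_KEX],
    }


def build_kexinit(kex_names: list[str]) -> bytes:
    """Constructed sample: KEXINIT payload with only the first name-list filled."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16) + name_list(kex_names)
    body += name_list([]) * 9  # remaining nine name-lists left empty
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


# Constructed server offers: one with ML-KEM enabled, one where it is missing.
SAMPLE_PQ = build_kexinit(["mlkem768x25519-sha256", "curve25519-sha256", "ext-info-s"])
SAMPLE_CLASSICAL = build_kexinit(["curve25519-sha256", "ecdh-sha2-nistp256"])
```

An empty "pq" list for a server that was configured for ML-KEM points to a runtime without ML-KEM support. A non-empty "classical" list means a client that does not offer ML-KEM will still negotiate a classical exchange.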