Get Started with Qudo PQC

Two paths to quantum-safe — install the provider for your servers, add an SDK for your code.

Home / Get Started

PQC for Your Servers

Install the Qudo OpenSSL provider plugin. NGINX, Apache, HAProxy, and curl get hybrid PQC TLS — zero code changes.

Prerequisites

Ensure your system meets these requirements before downloading.

openssl version
# OpenSSL 3.5.0 8 Apr 2025
macOS: System openssl is LibreSSL. Use Homebrew: brew install openssl@3

1. Download Qudo PQC Provider

A custom OpenSSL provider plugin that adds ML-DSA, ML-KEM, and SLH-DSA to any OpenSSL 3.4+ installation.

Choose the binary for your operating system and architecture.

🐧

Linux

x86_64
Filequdo-pqc-v0.1.0-linux-x86_64.tar.gz
Size375 KB
Download
🐧

Linux

aarch64 / ARM64
Filequdo-pqc-v0.1.0-linux-arm64.tar.gz
Size318 KB
Download
🍏

macOS

Apple Silicon (arm64)
Filequdo-pqc-v0.1.0-macos-arm64.tar.gz
Size247 KB
Download
🍏

macOS

Intel (x86_64)
Filequdo-pqc-v0.1.0-macos-x86_64.tar.gz
Size306 KB
Download
💻

Windows

x86_64
Filequdo-pqc-v0.1.0-windows-x86_64.zip
Size176 KB
Download

Checksums: SHA256SUMS

2. Extract & Install

Extract the downloaded archive and copy the provider and PQC library into your OpenSSL directories.

tar -xzf qudo-pqc-v0.1.0-linux-x86_64.tar.gz && cd qudo-pqc-v0.1.0-linux-x86_64
export MODULES=$(openssl version -m | sed 's/.*"\(.*\)"/\1/')
sudo cp ossl-modules/qudoprovider.so $MODULES/
sudo cp lib/libqudo-pqc.so $(dirname $MODULES)/
3 Configure OpenSSL Add provider to openssl.cnf

Find your config: openssl version -d

openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
default = default_sect
qudoprovider = qudoprovider_sect

[default_sect]
activate = 1

[qudoprovider_sect]
activate = 1
module = /usr/lib/ossl-modules/qudoprovider.so
# macOS:   module = /opt/homebrew/lib/ossl-modules/qudoprovider.dylib
# Windows: module = C:\OpenSSL\lib\ossl-modules\qudoprovider.dll
Once configured, every OpenSSL-linked application (NGINX, Apache, HAProxy, curl) will automatically have access to all PQC algorithms.
4 Verify Provider Confirm Qudo is active in OpenSSL 
openssl list -providers -provider qudoprovider
# qudoprovider — name: OpenSSL QUDO Provider, version: 1.0.0, status: active

openssl list -kem-algorithms -provider qudoprovider
openssl list -signature-algorithms -provider qudoprovider
5 Verify Hybrid TLS Test X25519MLKEM768 handshake 
# Generate test cert
openssl req -x509 -newkey rsa:2048 -keyout server.key \
  -out server.pem -days 365 -nodes -subj "/CN=localhost"

# Start PQC TLS server (terminal 1)
openssl s_server -provider qudoprovider -provider default \
  -groups X25519MLKEM768 -cert server.pem -key server.key -www

# Connect with PQC client (terminal 2)
openssl s_client -provider qudoprovider -provider default \
  -groups X25519MLKEM768 -connect localhost:4433

# Expected:  Server Temp Key: X25519MLKEM768

6. Enable PQC on Your Servers

Add one line to your server config. Clients that support hybrid PQC get quantum-safe forward secrecy; others fall back automatically.

NGINX

ssl_protocols TLSv1.3;
ssl_ecdh_curve X25519MLKEM768:X25519:P-384;

Apache

SSLProtocol TLSv1.3
SSLOpenSSLConfCmd Groups X25519MLKEM768:X25519:P-384

HAProxy

bind *:443 ssl crt /etc/ssl/certs/server.pem curves X25519MLKEM768:X25519
Done. All traffic through these servers is now quantum-safe. Your backend apps connect through them unchanged.

PQC for Your Code

Use language SDKs for PQC crypto inside your application — JWT signing, email encryption, KEM, code signing, VPN handshakes.

1. Choose Your SDK

Every SDK wraps the same libqudo-pqc cryptographic module. Cross-language interop guaranteed.

Java

Available
Modulesqudo-jni-crypto + spring-boot-starter
Installgit clone && mvn install
View SDK →
🔨

C / C++

Available
BindingDirect libqudo-pqc API
Headerqudo_pqc.h
View Source →
🐍

Python

Coming soon
Bindingctypes / CFFI
Installpip install qudo-pqc
🚀

Go

Coming soon
BindingCGo wrapper
Installgo get .../qudo-pqc-go
🦀

Rust

Coming soon
BindingFFI bindings
Installcargo add qudo-pqc
🌐

Node.js

Coming soon
BindingN-API addon
Installnpm install @qudo/pqc

2. Java Integration

Three steps to add PQC to your Java application.

a

Add Dependency

Spring Boot (recommended) — auto-configures QudoPqcService + health indicator:

<dependency>
    <groupId>com.qudo</groupId>
    <artifactId>qudo-pqc-spring-boot-starter</artifactId>
    <version>1.0.0</version>
</dependency>

Non-Spring? Use qudo-jni-crypto directly. See SDK README.

b

Sign, Verify, Encapsulate

@Autowired QudoPqcService pqc;

// Sign + verify (ML-DSA-65 by default)
var keys = pqc.generateKeyPair();
byte[] sig = pqc.sign(data, keys.privateKeyPem());
boolean ok = pqc.verify(data, sig, keys.publicKeyPem());

// Key encapsulation (ML-KEM-768 by default)
var kem = pqc.kemEncapsulate(peerPubKey);
byte[] sharedSecret = kem.sharedSecret();  // use as AES-256-GCM key
c

Run & Verify

# Start with JNI library path
java -Djava.library.path=/path/to/qudo-pqc/lib -jar your-app.jar

# Check health
curl http://localhost:8080/actuator/health | jq '.components.qudoPqc'
# { "status": "UP", "details": { "provider": "Qudo FIPS", "defaultSignatureAlgorithm": "ML-DSA-65" } }
Ready to integrate? The Migrate section has per-service guides (REST API, gRPC, email, VPN, IoT, blockchain...) with interactive API tests and copy-paste code.

Resources

Qudo PQC Providergithub.com/ZenVInnovations/qudo-pqc-provider
Qudo PQC Java SDKgithub.com/ZenVInnovations/qudo-pqc-java
Enterprisesupport@zenv.ai

Next Steps

Your system is PQC-ready

Transport: servers negotiate hybrid PQC TLS. Application: your code signs, verifies, and encapsulates with the Qudo SDK.

Migrate Services → Compliance Guide → Choose Algorithm →
Qudo PQC Developer Portal · Get Started