Aller au contenu principal
GARANCE · PKI · ML-DSA-87

Sovereign post-quantum PKI
100% Rust, zero Java

GARANCE replaces legacy PKI solutions such as EJBCA with a native post-quantum solution, free of Java dependencies, deployed on-premises or as a SecNumCloud SaaS.

Request a demo All products

Why replace EJBCA?

Traditional Java-based PKIs are vulnerable to quantum attacks and costly to maintain.

Vulnerable JVM

The Java JVM presents a massive attack surface. GARANCE is compiled to a native Rust binary, with no runtime.

No native PQC

EJBCA requires BouncyCastle for ML-DSA. GARANCE natively integrates all NIST PQC algorithms.

Expensive licensing

EJBCA Enterprise licenses are prohibitively expensive. GARANCE is sovereign and transparent.

Features

CA ML-DSA-87

Post-quantum certificate authority using ML-DSA-87 (FIPS 204). Quantum-resistant signatures available today.

EST / CMP / SCEP protocols

Full support for automated enrollment protocols. Seamless integration with existing network equipment.

Multi-tenant

Native multi-tenant architecture. Complete isolation of certificate hierarchies between organizations.

High availability

Active-active replication with automatic failover. High availability for signing and verification operations.

Interoperability

  • X.509v3 — Standard certificates compatible with all browsers and network equipment
  • PKCS#11 — Standard interface for HSMs and cryptographic tokens
  • OCSP / CRL — Real-time revocation and standard certificate revocation lists
  • REST API — Full programmatic integration with mTLS authentication

Compliance

  • eIDAS 2.0 — Compliant with the European digital identity regulation
  • GDPR — Data hosted in France, end-to-end encryption, right to erasure
  • NIS2 — Compliant with the European cybersecurity directive for essential entities
  • SecNumCloud — On-premises deployment or SaaS on SecNumCloud-qualified infrastructure

Deployment models

On-premises

Deployment in your sovereign datacenter. Single binary, YAML configuration, no external dependencies. Ideal for critical infrastructure operators and defense organizations.

SaaS SecNumCloud

PKI-as-a-Service hosted on SecNumCloud-qualified infrastructure. Immediate onboarding, high availability, automatic updates.

Migrate your PKI to post-quantum

Request a demonstration of GARANCE tailored to your existing PKI infrastructure.

Request a demo