A Reality Check on Crypto-Agility
The Myth of “Quantum-Ready” HSMs
by Steve Monti, SafeCipher.com
In the past year, we’ve seen big HSM vendors (no names mentioned, but you know who you are) push the narrative that upgrading to post-quantum cryptography (PQC) is as simple as a firmware update.
Their marketing material suggests that with a few clicks, enterprises can “future-proof” their cryptographic infrastructure against quantum threats.
Spoiler Alert: It’s Not That Simple.
While firmware updates are an important part of enabling PQC algorithms in HSMs, they do not solve the massive migration challenges that enterprises will face when transitioning from classical RSA/ECC cryptography to quantum-safe alternatives.
Let’s break down the real challenges that are conveniently left out of these vendor pitches.
1. You Can’t Just “Upgrade” Your PKI
Every organization using HSMs for PKI (Public Key Infrastructure) needs to understand one fundamental truth: you cannot simply replace RSA or ECC with post-quantum algorithms in an existing CA hierarchy.
- Why? Existing root and subordinate CA certificates are signed with classical keys, and those signatures cannot be retrofitted to use PQC.
- What’s Required? A complete PKI rebuild with new root and issuing CAs using quantum-safe algorithms.
- Impact? Enterprises relying on trusted CA chains, hardware-based cryptographic signatures, and certificate lifecycles will have to run parallel PKI systems (one classical, one PQC) for a long transition period.
Reality Check: This is not a firmware update—it’s an infrastructure overhaul.
2. Key Migration is NOT Possible
Another misleading implication is that organizations can seamlessly migrate their cryptographic keys from RSA/ECC to PQC algorithms.
- Fact: Legacy keys cannot be “upgraded” to quantum-safe algorithms.
- Why? PQC keys have different mathematical properties and require an entirely new cryptographic foundation.
- What’s Required? Organizations must re-enroll all identities, devices, and workloads with freshly generated post-quantum key pairs.
Translation: Every single entity (users, devices, applications) that relies on cryptographic keys will need a new enrolment process and new certificate issuance.
Reality Check: Key migration means re-architecting cryptographic workflows—not just enabling a firmware option.
3. PQC Algorithms Are Not Drop-in Replacements
HSM vendors claim that their solutions will support post-quantum algorithms like:
- ML-KEM (Kyber) for key exchange
- ML-DSA (Dilithium), FN-DSA (Falcon), SLH-DSA (SPHINCS+) for signatures
- Leighton-Micali Signatures (LMS) for firmware signing
However, integrating these into production environments is a massive challenge:
- API Updates Needed: Most applications rely on PKCS#11, Microsoft CNG, Java JCE, and OpenSSL. Not all of these currently support PQC.
- Protocol Compatibility Issues: Many security protocols (TLS, SSH, S/MIME, VPNs) do not yet support PQC algorithms at scale.
- Performance Trade-Offs: PQC keys are significantly larger than RSA/ECC keys, impacting storage, transmission, and cryptographic processing speeds.
Reality Check: A post-quantum-ready HSM means nothing if your applications and protocols don’t support PQC.
4. Compliance and Certification Are Lagging Behind
HSM vendors are quick to promote CNSA 2.0 compliance and alignment with NIST post-quantum standards—but here’s the issue:
- Regulatory bodies have not finalized transition plans. Organizations under compliance frameworks like FIPS 140-3, GDPR, HIPAA and PCI DSS will need to validate how and when PQC adoption aligns with their compliance requirements.
- No organization can rush PQC deployment without ensuring regulatory approval, security assessments, and auditability.
Reality Check: Enterprises cannot deploy quantum-safe cryptography just because a vendor enables it—compliance and governance take time.
5. The “Crypto-Agility” Illusion
The term “crypto-agility” is thrown around as if organizations can swap out cryptographic algorithms like changing a battery in a remote.
The truth? Crypto-agility is a multi-year effort that requires:
✔ Inventorying and mapping all cryptographic dependencies.
✔ Updating software libraries and applications to support PQC.
✔ Redesigning PKI and CA trust models.
✔ Ensuring interoperability between old and new cryptographic standards.
✔ Comprehensive testing before deployment.
Reality Check: Crypto-agility is not a button you press—it’s a long-term migration plan requiring extensive risk assessment and phased deployment.
The Path Forward: A Realistic Approach
Instead of buying into vendor hype, organizations should take a strategic and measured approach to post-quantum migration:
1. Assess Cryptographic Inventory
- Identify all cryptographic dependencies across infrastructure.
- Understand which applications, protocols, and services rely on RSA/ECC.
2. Develop a Hybrid Transition Plan
- Consider hybrid certificates (classical + PQC) for backward compatibility.
- Deploy dual certificate authorities to support both cryptographic paradigms.
3. Test PQC Algorithms in a Controlled Environment
- Implement PQC test environments with non-production systems.
- Evaluate performance, interoperability, and compliance impacts.
4. Plan for Long-Term Crypto-Agility
- Use modular security architectures to enable future cryptographic updates.
- Monitor evolving NIST PQC standards and industry adoption trends.
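The inventory in step 1 is where the real work starts, so here is an added example (my own code, not from the original post or from SafeCipher) of the classification a certificate scanner has to do: it records each certificate's key algorithm, key size and signature algorithm, and flags every classical RSA/ECC key as an identity that must be re-enrolled under a PQC CA. The two certificates it scans are constructed in memory (an RSA-2048 root and a P-256 issuing CA), and the names Finding, ClassifyCert, selfSigned and SampleInventory are my own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Finding is one row of the cryptographic inventory built from a certificate.
type Finding struct {
	Subject, KeyAlgorithm, SignatureAlg string
	KeyBits                             int
	NeedsReenrolment                    bool // true for every classical (RSA/ECC) key
}
// ClassifyCert records which classical primitive a certificate depends on: every key type crypto/x509 parses today is RSA- or ECC-based, so each certificate is a migration item.
func ClassifyCert(cert *x509.Certificate) Finding {
	f := Finding{Subject: cert.Subject.CommonName, KeyAlgorithm: cert.PublicKeyAlgorithm.String(), SignatureAlg: cert.SignatureAlgorithm.String(), NeedsReenrolment: true}
	switch pub := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		f.KeyBits = pub.N.BitLen()
	case *ecdsa.PublicKey:
		f.KeyAlgorithm, f.KeyBits = "ECDSA/"+pub.Curve.Params().Name, pub.Curve.Params().BitSize
	}
	return f
}
// selfSigned mints a constructed, throwaway certificate so the example runs offline (not a real CA).
func selfSigned(cn string, priv, pub interface{}) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil { panic(err) } // a real scanner would report the certificate rather than skip it silently
	cert, _ := x509.ParseCertificate(der) // DER produced above always parses
	return cert
}
// SampleInventory mimics scanning a two-tier classical PKI: an RSA-2048 root and a P-256 issuing CA.
func SampleInventory() []Finding {
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return []Finding{ClassifyCert(selfSigned("legacy-root-rsa", rsaKey, &rsaKey.PublicKey)), ClassifyCert(selfSigned("issuing-ca-p256", ecKey, &ecKey.PublicKey))}
}
func main() {
	for _, f := range SampleInventory() {
		fmt.Printf("%-16s %-12s %4d bits  sig=%-13s re-enrol=%v\n", f.Subject, f.KeyAlgorithm, f.KeyBits, f.SignatureAlg, f.NeedsReenrolment)
	}
}
```

Pointed at real certificate stores, the same classification gives the list of identities and CA chains that the parallel PQC hierarchy in step 2 has to reissue.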
Final Thought: Don’t Fall for the Marketing Hype
HSM vendors want you to believe that securing your organization against quantum threats is as easy as a firmware upgrade—it’s not.
The real work involves:
- Rebuilding PKI and certificate infrastructures
- Rearchitecting cryptographic workflows
- Updating protocols, APIs, and application dependencies
- Ensuring regulatory compliance and industry alignment
Take control of your quantum security roadmap. Focus on real crypto-agility, not marketing illusions. The transition to post-quantum cryptography will take years, and organizations need a realistic plan—not just a firmware update.