Building a PQC Lab on a Normal Laptop
I’m building a PQC lab on a standard laptop.
Four cores, 24GB RAM, already carrying my day-to-day workload.
This isn’t a lab environment. It’s the same machine everything else runs on. If something slows down, breaks, or behaves badly, I feel it immediately.
That’s intentional. If PQC introduces real operational cost, this is where it shows up first.
What I’m Setting Up
A minimal PKI environment I can control end-to-end.
A local certificate authority using Smallstep step-ca, containerized with Docker, running on Ubuntu via WSL2.
The choices here aren’t about “best tools.” They’re about reducing setup friction enough to actually get to PQC work. The goal is simple: issue certificates locally, control the trust chain, and introduce PQC into actual flows. Hybrid cryptography, where classical and PQC operate together.
Current State
The CA is up and running, but the environment isn’t clean yet.
After getting it initialized, the first issues weren’t cryptographic. Existing containers were still running, which led to name collisions during redeploy. At the same time, configuration started drifting between the initial interactive setup and a more repeatable, environment-driven approach.
Not complex. Just inconsistent enough to break rebuilds.
PQC isn’t the blocker. My environment is.
Not adding PQC yet, but making the environment something I can tear down and recreate cleanly without guessing what I did last time.
What Comes Next
If the rebuild works, the next steps are:
- Clean container state and remove conflicts
- Reinitialize with environment-driven configuration
- Validate certificate issuance end-to-end
Then:
- Introduce PQC-capable libraries
- Stand up test TLS endpoints
- Validate hybrid handshake behavior
After that:
- Break it intentionally
- Test downgrade scenarios
- Observe where assumptions fail
