Post-Quantum Algorithms in IPWorks, IPWorks SSH, and SecureBlackbox


Introduction

IPWorks, IPWorks SSH, and SecureBlackbox support post-quantum (PQ) cryptography based on the NIST standards ML-KEM (FIPS 203, formerly known as CRYSTALS-Kyber) for key exchange and ML-DSA (FIPS 204, formerly known as CRYSTALS-Dilithium) for digital signatures. These algorithms are designed to remain secure against attacks from quantum computers and are now standardized through NIST and IANA.

This article describes the algorithms available in our TLS, SSH, and digital signature components, how to configure them, and the platform prerequisites for using them.

Contents

  1. IPWorks Post-Quantum Support
  2. SecureBlackbox Post-Quantum Support

IPWorks Post-Quantum Support

Prerequisites

Post-quantum algorithms in IPWorks rely on the operating system's underlying cryptographic primitives. The following platforms are currently supported:

  • Windows Server 2025
  • Windows 11 24H2
  • Windows 11 25H2

Supported Algorithms

IPWorks (TLS 1.3)

The following named groups are supported for use in TLS 1.3 key exchange. Hybrid groups combine a classical elliptic-curve key exchange with ML-KEM so that a compromise of either component still leaves the shared secret confidential.

IPWorks identifier Standard name IANA codepoint Type
mlkem_512 MLKEM512 0x0200 Pure ML-KEM
mlkem_768 MLKEM768 0x0201 Pure ML-KEM
mlkem_1024 MLKEM1024 0x0202 Pure ML-KEM
secp256r1_mlkem_768 SecP256r1MLKEM768 0x11EB Hybrid (P-256 + ML-KEM-768)
x25519_mlkem_768 X25519MLKEM768 0x11EC Hybrid (X25519 + ML-KEM-768)
secp384r1_mlkem_1024 SecP384r1MLKEM1024 0x11ED Hybrid (P-384 + ML-KEM-1024)

IPWorks SSH

The following SSH key exchange algorithm is supported:

Algorithm Type
mlkem768x25519-sha256 Hybrid (X25519 + ML-KEM-768, SHA-256 transcript hash)

Configuring IPWorks TLS Components

Post-quantum key exchange in TLS requires the internal security API (our cross-platform TLS implementation) and TLS 1.3. The PQ groups are not exposed through the platform's SChannel today, so UseInternalSecurityAPI must be enabled.

The SSLEnabledProtocols value 12288 (0x3000) is the bit mask for TLS 1.3.

The TLS13SupportedGroups configuration setting accepts a comma-separated, ordered list of the identifiers from the table above. The order expresses preference: the first mutually-supported group wins.

Server Configuration

tcpserver.Config("UseInternalSecurityAPI=true"); tcpserver.Config("SSLEnabledProtocols=12288"); tcpserver.Config("TLS13SupportedGroups=mlkem_512,mlkem_768,mlkem_1024,x25519_mlkem_768,secp256r1_mlkem_768");

Client Configuration

tcpclient.Config("UseInternalSecurityAPI=true"); tcpclient.Config("SSLEnabledProtocols=12288"); tcpclient.Config("TLS13SupportedGroups=mlkem_512,mlkem_768,mlkem_1024,x25519_mlkem_768,secp256r1_mlkem_768");

The same configuration pattern applies to any TLS-enabled IPWorks component (e.g., HTTPClient, SMTP, FTP, etc.) , set the three options on the component before initiating the connection.

Configuring IPWorks SSH Components

To enable post-quantum key exchange in IPWorks SSH, set the SSHKeyExchangeAlgorithms configuration setting to include mlkem768x25519-sha256. The same setting is available on both server- and client-side SSH components.

sftpserver.Config("SSHKeyExchangeAlgorithms=mlkem768x25519-sha256");

On the client side:

sftp.Config("SSHKeyExchangeAlgorithms=mlkem768x25519-sha256");

As with TLS, the configuration value is a comma-separated, ordered list when multiple algorithms are offered. To prefer the PQ algorithm but allow falling back to classical key exchange, include classical algorithms after it:

sftp.Config("SSHKeyExchangeAlgorithms=mlkem768x25519-sha256,curve25519-sha256,ecdh-sha2-nistp256");

SecureBlackbox Post-Quantum Support

SecureBlackbox supports post-quantum cryptography across all editions, platforms, and protocol layers, with PQC mechanisms enabled by default. Most usage is transparent: when a TLS or SSH negotiation can settle on a post-quantum or hybrid algorithm, or when a digital signature operation finds an ML-DSA key in the supplied certificate, the post-quantum path is taken automatically.

Supported Platforms

SecureBlackbox's PQC support is available on every platform and edition the product ships on. The supported operating systems are Windows (all versions), macOS, Linux, iOS, and Android, and the supported editions are .NET, Java, C++, Delphi, PHP, and Python.

Supported Algorithms

At the foundation level, SecureBlackbox implements both NIST post-quantum standards: ML-DSA (FIPS 204, formerly CRYSTALS-Dilithium) for digital signatures, available in the ML-DSA-44, ML-DSA-65, and ML-DSA-87 parameter sets; and ML-KEM (FIPS 203, formerly CRYSTALS-Kyber) for key encapsulation, available in the ML-KEM-512, ML-KEM-768, and ML-KEM-1024 parameter sets. These foundation algorithms surface differently depending on the protocol or document format.

TLS

The following named groups are supported for use in TLS 1.3 key exchange. Hybrid groups combine a classical elliptic-curve key exchange with ML-KEM so that a compromise of either component still leaves the shared secret confidential.

Algorithm Type
MLKEM512 Pure ML-KEM
MLKEM768 Pure ML-KEM
MLKEM1024 Pure ML-KEM
SECP256R1MLKEM768 Hybrid (P-256 + ML-KEM-768)
X25519MLKEM768 Hybrid (X25519 + ML-KEM-768)
SECP384R1MLKEM1024 Hybrid (P-384 + ML-KEM-1024)

For TLS authentication, X.509 certificates carrying ML-DSA-44, ML-DSA-65, or ML-DSA-87 keys are supported on both the client and server sides.

SSH

The following SSH key exchange algorithms are supported. All three are hybrids combining a classical key exchange with ML-KEM.

Algorithm Type
mlkem768nistp256-sha256 Hybrid (P-256 + ML-KEM-768, SHA-256 transcript hash)
mlkem1024nistp384-sha384 Hybrid (P-384 + ML-KEM-1024, SHA-384 transcript hash)
mlkem768x25519-sha256 Hybrid (X25519 + ML-KEM-768, SHA-256 transcript hash)

For SSH public-key authentication, ssh-mldsa-44, ssh-mldsa-65, and ssh-mldsa-87 are supported.

Digital Signatures

All ML-DSA parameter sets: ML-DSA-44, ML-DSA-65, and ML-DSA-87, are supported for signing and verification in the advanced electronic signature components: CAdES, XAdES, PAdES, and JAdES.

Configuring SecureBlackbox TLS Components

Post-quantum key exchange and ML-DSA authentication are enabled by default in SecureBlackbox's TLS components. The component selects the post-quantum path automatically when the peer's supported groups include a mutually-acceptable ML-KEM or hybrid group, and uses ML-DSA for authentication whenever the supplied certificate chain carries an ML-DSA key.

To enable ML-DSA authentication on the client or server, assign a certificate chain carrying an ML-DSA key to the corresponding chain property:

// CertificateStorage contains an ML-DSA certificate chain tlsClient.TLSClientChain = storage.Certificates; tlsServer.TLSServerChain = storage.Certificates;

This is no different from how the component picks up RSA or ECDSA authentication; it follows the supplied key material.

The set of enabled ML-KEM and hybrid groups is controlled through the TLSSettings.Groups property. The property accepts a semicolon-delimited list using + and - tokens to enable or disable individual groups and the all keyword as a blanket selector. The example below enables x25519mlkem768 and disables secp256r1mlkem768:

tlsClient.TLSSettings.Groups = "+x25519mlkem768;-secp256r1mlkem768";

Configuring SecureBlackbox SSH Components

Post-quantum key exchange and ML-DSA public-key authentication are enabled by default in SecureBlackbox's SSH components.

The set of enabled SSH key exchange algorithms is controlled through the SSHSettings.KexAlgorithms property, using the same semicolon-delimited list syntax as the TLS Groups property. The example below disables every default algorithm and re-enables a single post-quantum hybrid:

sftpClient.SSHSettings.KexAlgorithms = "-all;mlkem768nistp256-sha256";

The set of enabled public-key authentication algorithms, including the ML-DSA variants, is controlled through the SSHSettings.PublicKeyAlgorithms property, which uses the same syntax. The example below enables the smaller two ML-DSA parameter sets and disables the largest, while also disabling the classical rsa-sha2-256:

sftpClient.SSHSettings.PublicKeyAlgorithms = "+ssh-mldsa-44;+ssh-mldsa-65;-ssh-mldsa-87;-rsa-sha2-256";

Configuring SecureBlackbox Digital Signature Components

For the advanced electronic signature components: CAdES, XAdES, PAdES, and JAdES, ML-DSA signing is engaged automatically when the signing certificate carries an ML-DSA key. No additional configuration setting is required: the signature operation selects the appropriate ML-DSA parameter set based on the key material in the supplied certificate.

We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@nsoftware.com.