Post-Quantum Algorithms in IPWorks, IPWorks SSH, and SecureBlackbox
Introduction
IPWorks, IPWorks SSH, and SecureBlackbox support post-quantum (PQ) cryptography based on the NIST standards ML-KEM (FIPS 203, formerly known as CRYSTALS-Kyber) for key exchange and ML-DSA (FIPS 204, formerly known as CRYSTALS-Dilithium) for digital signatures. These algorithms are designed to remain secure against attacks from quantum computers and are now standardized through NIST and IANA.
This article describes the algorithms available in our TLS, SSH, and digital signature components, how to configure them, and the platform prerequisites for using them.
Contents
IPWorks Post-Quantum Support
Prerequisites
Post-quantum algorithms in IPWorks rely on the operating system's underlying cryptographic primitives. The following platforms are currently supported:
- Windows Server 2025
- Windows 11 24H2
- Windows 11 25H2
Supported Algorithms
IPWorks (TLS 1.3)
The following named groups are supported for use in TLS 1.3 key exchange. Hybrid groups combine a classical elliptic-curve key exchange with ML-KEM so that a compromise of either component still leaves the shared secret confidential.
| IPWorks identifier | Standard name | IANA codepoint | Type |
|---|---|---|---|
| mlkem_512 | MLKEM512 | 0x0200 | Pure ML-KEM |
| mlkem_768 | MLKEM768 | 0x0201 | Pure ML-KEM |
| mlkem_1024 | MLKEM1024 | 0x0202 | Pure ML-KEM |
| secp256r1_mlkem_768 | SecP256r1MLKEM768 | 0x11EB | Hybrid (P-256 + ML-KEM-768) |
| x25519_mlkem_768 | X25519MLKEM768 | 0x11EC | Hybrid (X25519 + ML-KEM-768) |
| secp384r1_mlkem_1024 | SecP384r1MLKEM1024 | 0x11ED | Hybrid (P-384 + ML-KEM-1024) |
IPWorks SSH
The following SSH key exchange algorithm is supported:
| Algorithm | Type |
|---|---|
| mlkem768x25519-sha256 | Hybrid (X25519 + ML-KEM-768, SHA-256 transcript hash) |
Configuring IPWorks TLS Components
Post-quantum key exchange in TLS requires the internal security API (our cross-platform TLS implementation) and TLS 1.3. The PQ groups are not exposed through the platform's SChannel today, so UseInternalSecurityAPI must be enabled.
The SSLEnabledProtocols value 12288 (0x3000) is the bit mask for TLS 1.3.
The TLS13SupportedGroups configuration setting accepts a comma-separated, ordered list of the identifiers from the table above. The order expresses preference: the first mutually-supported group wins.
Server Configuration
tcpserver.Config("UseInternalSecurityAPI=true");
tcpserver.Config("SSLEnabledProtocols=12288");
tcpserver.Config("TLS13SupportedGroups=mlkem_512,mlkem_768,mlkem_1024,x25519_mlkem_768,secp256r1_mlkem_768");
Client Configuration
tcpclient.Config("UseInternalSecurityAPI=true");
tcpclient.Config("SSLEnabledProtocols=12288");
tcpclient.Config("TLS13SupportedGroups=mlkem_512,mlkem_768,mlkem_1024,x25519_mlkem_768,secp256r1_mlkem_768");
The same configuration pattern applies to any TLS-enabled IPWorks component (e.g., HTTPClient, SMTP, FTP, etc.) , set the three options on the component before initiating the connection.
Configuring IPWorks SSH Components
To enable post-quantum key exchange in IPWorks SSH, set the SSHKeyExchangeAlgorithms configuration setting to include mlkem768x25519-sha256. The same setting is available on both server- and client-side SSH components.
sftpserver.Config("SSHKeyExchangeAlgorithms=mlkem768x25519-sha256");
On the client side:
sftp.Config("SSHKeyExchangeAlgorithms=mlkem768x25519-sha256");
As with TLS, the configuration value is a comma-separated, ordered list when multiple algorithms are offered. To prefer the PQ algorithm but allow falling back to classical key exchange, include classical algorithms after it:
sftp.Config("SSHKeyExchangeAlgorithms=mlkem768x25519-sha256,curve25519-sha256,ecdh-sha2-nistp256");
SecureBlackbox Post-Quantum Support
SecureBlackbox supports post-quantum cryptography across all editions, platforms, and protocol layers, with PQC mechanisms enabled by default. Most usage is transparent: when a TLS or SSH negotiation can settle on a post-quantum or hybrid algorithm, or when a digital signature operation finds an ML-DSA key in the supplied certificate, the post-quantum path is taken automatically.
Supported Platforms
SecureBlackbox's PQC support is available on every platform and edition the product ships on. The supported operating systems are Windows (all versions), macOS, Linux, iOS, and Android, and the supported editions are .NET, Java, C++, Delphi, PHP, and Python.
Supported Algorithms
At the foundation level, SecureBlackbox implements both NIST post-quantum standards: ML-DSA (FIPS 204, formerly CRYSTALS-Dilithium) for digital signatures, available in the ML-DSA-44, ML-DSA-65, and ML-DSA-87 parameter sets; and ML-KEM (FIPS 203, formerly CRYSTALS-Kyber) for key encapsulation, available in the ML-KEM-512, ML-KEM-768, and ML-KEM-1024 parameter sets. These foundation algorithms surface differently depending on the protocol or document format.
TLS
The following named groups are supported for use in TLS 1.3 key exchange. Hybrid groups combine a classical elliptic-curve key exchange with ML-KEM so that a compromise of either component still leaves the shared secret confidential.
| Algorithm | Type |
|---|---|
| MLKEM512 | Pure ML-KEM |
| MLKEM768 | Pure ML-KEM |
| MLKEM1024 | Pure ML-KEM |
| SECP256R1MLKEM768 | Hybrid (P-256 + ML-KEM-768) |
| X25519MLKEM768 | Hybrid (X25519 + ML-KEM-768) |
| SECP384R1MLKEM1024 | Hybrid (P-384 + ML-KEM-1024) |
For TLS authentication, X.509 certificates carrying ML-DSA-44, ML-DSA-65, or ML-DSA-87 keys are supported on both the client and server sides.
SSH
The following SSH key exchange algorithms are supported. All three are hybrids combining a classical key exchange with ML-KEM.
| Algorithm | Type |
|---|---|
| mlkem768nistp256-sha256 | Hybrid (P-256 + ML-KEM-768, SHA-256 transcript hash) |
| mlkem1024nistp384-sha384 | Hybrid (P-384 + ML-KEM-1024, SHA-384 transcript hash) |
| mlkem768x25519-sha256 | Hybrid (X25519 + ML-KEM-768, SHA-256 transcript hash) |
For SSH public-key authentication, ssh-mldsa-44, ssh-mldsa-65, and ssh-mldsa-87 are supported.
Digital Signatures
All ML-DSA parameter sets: ML-DSA-44, ML-DSA-65, and ML-DSA-87, are supported for signing and verification in the advanced electronic signature components: CAdES, XAdES, PAdES, and JAdES.
Configuring SecureBlackbox TLS Components
Post-quantum key exchange and ML-DSA authentication are enabled by default in SecureBlackbox's TLS components. The component selects the post-quantum path automatically when the peer's supported groups include a mutually-acceptable ML-KEM or hybrid group, and uses ML-DSA for authentication whenever the supplied certificate chain carries an ML-DSA key.
To enable ML-DSA authentication on the client or server, assign a certificate chain carrying an ML-DSA key to the corresponding chain property:
// CertificateStorage contains an ML-DSA certificate chain
tlsClient.TLSClientChain = storage.Certificates;
tlsServer.TLSServerChain = storage.Certificates;
This is no different from how the component picks up RSA or ECDSA authentication; it follows the supplied key material.
The set of enabled ML-KEM and hybrid groups is controlled through the TLSSettings.Groups property. The property accepts a semicolon-delimited list using + and - tokens to enable or disable individual groups and the all keyword as a blanket selector. The example below enables x25519mlkem768 and disables secp256r1mlkem768:
tlsClient.TLSSettings.Groups = "+x25519mlkem768;-secp256r1mlkem768";
Configuring SecureBlackbox SSH Components
Post-quantum key exchange and ML-DSA public-key authentication are enabled by default in SecureBlackbox's SSH components.
The set of enabled SSH key exchange algorithms is controlled through the SSHSettings.KexAlgorithms property, using the same semicolon-delimited list syntax as the TLS Groups property. The example below disables every default algorithm and re-enables a single post-quantum hybrid:
sftpClient.SSHSettings.KexAlgorithms = "-all;mlkem768nistp256-sha256";
The set of enabled public-key authentication algorithms, including the ML-DSA variants, is controlled through the SSHSettings.PublicKeyAlgorithms property, which uses the same syntax. The example below enables the smaller two ML-DSA parameter sets and disables the largest, while also disabling the classical rsa-sha2-256:
sftpClient.SSHSettings.PublicKeyAlgorithms =
"+ssh-mldsa-44;+ssh-mldsa-65;-ssh-mldsa-87;-rsa-sha2-256";
Configuring SecureBlackbox Digital Signature Components
For the advanced electronic signature components: CAdES, XAdES, PAdES, and JAdES, ML-DSA signing is engaged automatically when the signing certificate carries an ML-DSA key. No additional configuration setting is required: the signature operation selects the appropriate ML-DSA parameter set based on the key material in the supplied certificate.
We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@nsoftware.com.