iOS 26 adds post-quantum ML-DSA keys in Secure Enclave; Android support remains partial
Apple's iOS 26 introduced hardware-backed ML-DSA post-quantum signing keys inside the Secure Enclave, using a familiar CryptoKit API that ties biometric authentication directly to the key rather than app logic. A developer building a cross-platform Capacitor plugin found iOS support straightforward, with private keys never leaving the device's secure processor. Android's Keystore similarly supports ML-DSA key generation with per-operation biometric authentication, offering comparable signing capabilities. However, Android does not expose ML-KEM, the post-quantum key encapsulation standard, to app-level code through the Keystore API, despite the algorithm being present in the device's secure hardware. This gap forces developers to implement ML-KEM in software on Android, requiring extra steps to protect the private key by encrypting it with a hardware-backed, auth-gated Keystore key.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in