One platform for the
post-quantum era.
MyPQC is a single, layered stack: a Crypto Agility Core Engine at the foundation, four ready-to-use quantum-safe apps and managed PKI & monitoring services on top, and one API layer for the enterprise software providers and Tier-1 integrators who build on it. Post-quantum by default, sovereign by design, and agile enough to swap algorithms by policy.
Aligned with NIST FIPS 203 / 204 / 205 · sovereign KAZ options alongside · W3C DID data model (v1.1) · Digital Signature Act 1997
The platform at a glance
Four layers, one sovereign foundation
An API layer for builders, four turnkey quantum-safe apps for users, managed services for operators — all resting on the Crypto Agility Core Engine that governs which algorithm runs.
The MyPQC stack: the API layer surfaces the platform to integrators; the ready-to-use apps and managed services sit in the middle; the Crypto Agility Core Engine — risk, agility middleware, PQC orchestration and policy enforcement — is the foundation everything else builds on.
How the platform is layered
Every layer does one job, cleanly
The design deliberately separates the crypto-governance foundation from the apps that use it and the API that exposes it — so each can evolve without breaking the others.
Crypto Agility Core Engine — the foundation
The policy-driven abstraction layer beneath everything: crypto-risk assessment, agility middleware, PQC orchestration and enterprise-wide policy enforcement. A CISO changes the algorithm for a cryptographic purpose from one portal and every connected system applies it — with no application code changes or redeployment.
Ready-to-use apps
Turnkey quantum-safe applications built directly on the core engine: Sovereign PQC Digital ID, Document Signing, and Secure File Sharing & Storage — with quantum-safe Messaging & Video on the roadmap. Deploy the app suite rather than assembling crypto yourself.
Managed services
Operated capabilities that keep the estate healthy: PQC certificate issuance & management, digital-ID management, and continuous cryptography inventory & monitoring — the observability and PKI plane that feeds the core engine what it needs to govern.
API layer
One clean, versioned integration surface for third-party enterprise software providers and Tier-1 system integrators — so partners can embed quantum-safe identity, signing, sharing and crypto-agility into their own products without building cryptography from scratch.
The four apps
Ready-to-use, quantum-safe, and crypto-agile from day one
Adopt the whole suite or start with a single app. Each is PQC-native and inherits the same trust anchor, policy model and tamper-evident audit spine.
Sovereign PQC Digital ID
Self-sovereign, W3C-DID-aligned identity with post-quantum keys and X.509 linkage for legally recognized signatures in Malaysia.
Learn moreMCert — Crypto Inventory
Continuously discover, inventory and monitor every cryptographic asset — CBOM/SBOM, quantum-risk scoring and signed regulator reporting.
Learn moreDocument Signing
Add a post-quantum signature to any file — including PDFs — that anyone can verify with no PQC software of their own.
Learn moreSecure File Sharing
End-to-end encrypted sharing with per-recipient PQC key wrapping, revocation, expiry and cryptographic shredding after delivery.
Learn moreQuantum-safe Messaging & Video
Sovereign, post-quantum messaging and video on the same platform trust model and Crypto Agility Core Engine — on the roadmap.
Learn moreHow migration works
Discover → Govern → Prove
MyPQC turns post-quantum migration from a one-off project into a repeatable, auditable program — visibility first, policy-driven control next, verifiable evidence last.
Discover
MCert's containerized, ephemeral scanners find every algorithm, certificate, key, protocol and crypto library across servers, apps, network devices, containers and code — normalized to CycloneDX CBOM/SBOM and scored for quantum risk. You can't migrate what you can't see.
Govern
The Crypto Agility Core Engine turns those findings into policy. Bind a cryptographic purpose to an algorithm, schedule a transition with an effective date, and every connected system switches automatically — no redeploy — while the self-describing envelope keeps everything already encrypted or signed verifiable.
Prove
Signed, optionally encrypted CBOM and risk reports and a tamper-evident audit trail show exactly which algorithms are in use and how far migration has progressed — with the next scan auto-verifying remediation against the live environment.
Why sovereign & standards-based
Aligned with the NIST standards. Sovereign by choice.
MyPQC implements the finalized NIST post-quantum algorithms and offers Malaysian sovereign options alongside them — because crypto-agility means the choice should never be locked in. You standardize on open standards and keep the freedom to swap algorithms by policy as guidance evolves.
Aligned with NIST FIPS 203 / 204 / 205. MyPQC implements ML-KEM, ML-DSA and SLH-DSA — the finalized NIST PQC standards. (Standards alignment, not a FIPS-140 validation claim.)
Sovereign KAZ options alongside. KAZ-SIGN and KAZ-KEM are optional, policy-selectable Malaysian sovereign algorithms offered alongside the NIST standards — never a replacement for them, and swappable at any time.
Digital Signature Act 1997 alignment. Identity and signing are designed to link to an X.509 certificate from an MCMC-licensed CA for legal recognition — a deployment capability, not an automatic guarantee.
On a credible timeline. NIST's proposed roadmap (draft IR 8547) would deprecate RSA/ECC around 2030 and disallow them around 2035 — and "harvest now, decrypt later" already puts today's encrypted data at risk.
Standards & algorithms
| Purpose | NIST standard | Sovereign option |
|---|---|---|
| Key encapsulation | ML-KEM · FIPS 203 | KAZ-KEM (optional) |
| Digital signatures | ML-DSA · FIPS 204 | KAZ-SIGN (optional) |
| Hash-based signatures | SLH-DSA · FIPS 205 | — |
| Symmetric encryption | AES-256-GCM | — |
| Crypto inventory | CycloneDX CBOM / SBOM | MySEAL / NACSA mapping |
Reporting maps to NIST SP 800-131A, MySEAL, NACSA and BNM RMiT, with secure regulator transfer to NACSA and Bank Negara Malaysia. Identity is adapted from the W3C DID data model (v1.1, a Candidate Recommendation).
See the whole platform in action
Get a walkthrough of the layered stack and a quantum-readiness assessment for your organization.