Architecture playbook: crypto-agility for the post-quantum era. Learn more
One platform · four paths

Solutions for every role.

The platform meets you where you are. Whether you govern crypto risk for a regulated enterprise, ship code, run sovereign infrastructure, or build on top of a partner stack — MyPQC gives you a post-quantum path that fits how you already work.

Enterprise & CISOs · Developers · Government · System integrators

For Enterprise & CISOs

Quantum-readiness for regulated industries

You can't migrate what you can't see — and you can't afford to re-engineer every application to change an algorithm. MyPQC turns post-quantum migration into a governed, repeatable program: inventory, then agility, then a controlled migration.

The pains

  • No single view of which algorithms actually run across servers, apps, and code — so no way to know what's quantum-vulnerable first.
  • Cryptography is hard-wired into applications, so any change means a re-engineering project instead of a policy decision.
  • Regulators and boards want evidence of a migration plan mapped to recognized guidelines — not a spreadsheet.

Framed against NIST's proposed timeline (draft NIST IR 8547) to deprecate RSA/ECC around 2030 and disallow them around 2035, and Malaysia's national post-quantum migration priorities.

How MyPQC helps

1 · Inventory

MCert continuously discovers your crypto estate and generates a CycloneDX CBOM/SBOM, with quantum-risk scoring so you know what to migrate first.

2 · Agility

The Crypto Agility Core Engine governs which algorithm runs as policy, not code — schedule an effective-dated transition and connected systems switch without a redeploy.

3 · Migration

A controlled path off quantum-vulnerable algorithms, with a tamper-evident audit trail and compliance mapping to NIST 800-131A, MySEAL, NACSA, and BNM RMiT.

For Developers

Drop-in crypto-agility, code-first

Add post-quantum cryptography to the Java Cryptography API you already write. Register the Antrapol JCE provider behind your existing Signature, Cipher, and KeyPairGenerator calls — target under 5% cryptographic code change (a design target).

Drop-in, not rewrite

Registers as a standard Java Security Provider behind your existing JCE calls — no bespoke crypto API to learn, on a Java 17 toolchain.

PQC as first-class algorithms

ML-DSA (FIPS 204), SLH-DSA (FIPS 205), ML-KEM (FIPS 203), and the sovereign KAZ-SIGN ship as native services — swap classical to post-quantum by policy, not by refactor.

Self-describing outputs

An agility envelope packages algorithm and variant metadata with every output, so signatures and ciphertext stay verifiable and decryptable after your default algorithm changes.

QuantumSafeSigning.java
import java.security.*;
import com.antrapol.jce.Antrapol;

Antrapol.install();

// Post-quantum ML-DSA (FIPS 204) through the standard JCE API
KeyPairGenerator kpg =
    KeyPairGenerator.getInstance("ML-DSA", "Antrapol");
KeyPair kp = kpg.generateKeyPair();

Signature signer = Signature.getInstance("ML-DSA-65", "Antrapol");
signer.initSign(kp.getPrivate());
signer.update(payload);
byte[] sig = signer.sign(); // agility-encoded, quantum-safe

For Government

Sovereign infrastructure for national PQC migration

Malaysia-built and Malaysia-controlled: sovereign KAZ algorithms offered alongside the NIST PQC standards, identity and signing designed around the Digital Signature Act 1997, and a controlled national path off quantum-vulnerable cryptography.

Sovereign, policy-selectable algorithms

Sovereign KAZ-SIGN and KAZ-KEM are offered alongside NIST ML-DSA, ML-KEM, and SLH-DSA — an optional, policy-selectable Malaysian choice that crypto-agility lets you swap at any time.

Aligned to the DSA 1997

Sovereign PQC Digital ID links to an X.509 certificate so signatures can carry Digital Signature Act 1997 legal recognition when issued under an MCMC-licensed CA — a deployment capability, delivered as design intent.

National crypto visibility

MCert gives continuous national cryptographic visibility, with signed, encrypted reporting to NACSA and Bank Negara Malaysia over a secure channel, mapped to MySEAL and PTPKM.

Aligned with Malaysia's national post-quantum migration priorities and the MyDigital agenda.

For System Integrators

Build on the MyPQC API layer

Embed quantum-safe identity, signing, and file sharing into your solutions without building cryptography yourself. One standards-based API surface over the whole platform — multi-tenant, with per-subscriber isolation.

One API over the platform

A single integration surface across the four apps, the crypto-agility engine, and managed PKI — so you consume capabilities instead of reimplementing crypto.

Standards-based interfaces

JCE, gRPC / Dubbo Triple / REST, CycloneDX, the W3C DID data model, and OpenAPI 3.0 — designed to slot into existing architectures.

Multi-tenant by design

Per-subscriber isolation lets you serve many clients on one platform, and embed PQC ID, signing, and secure file sharing into each solution.

Find the post-quantum path that fits your role

Tell us where you're starting — governance, code, sovereign deployment, or integration — and we'll show you the fastest route to quantum-safe.