Post-Quantum Signing Keys That Never Leave the Secure Enclave
iOS 26 adds Secure Enclave-backed ML-DSA post-quantum signing, but Android hides ML-KEM from apps. A new Capacitor plugin bridges the gap securely.
iOS 26's CryptoKit now supports ML-DSA (FIPS 204) post-quantum signing keys directly in the Secure Enclave, using the same API shape as the existing P256 implementation. The private key is generated inside the SEP, never exists in plaintext outside it, and Face ID authentication is enforced by the hardware itself rather than by application logic.
A developer built a cross-platform Capacitor plugin around this and surfaced a significant asymmetry: Android's Keystore supports ML-DSA with per-operation biometric auth, but does not expose ML-KEM (FIPS 203) key encapsulation to app code at all, even though the same secure hardware already uses it internally for attestation and TLS.
To work around this gap, the plugin implements ML-KEM in software via BouncyCastle and encrypts the private key at rest with an auth-required, Keystore-backed AES key. It uses the CryptoObject pattern in BiometricPrompt to prevent a known callback-hooking bypass (GHSA-vx5f-vmr6-32wf) that lets rooted devices skip biometric checks entirely.
The iOS behavior has been verified on real hardware, while the Android path has only been validated on an emulator running software-backed KeyMint. The plugin exposes a runtime hardwareBacked flag so integrators can base trust on actual attestation status rather than assumptions.