Platform

The quantum-safe cryptography platform

PostQ provides a unified control plane to discover, migrate, and enforce post-quantum cryptography across your entire cloud infrastructure.

Architecture

How PostQ fits into your stack

PostQ sits between your applications and key management systems, intercepting cryptographic operations and layering in post-quantum algorithms transparently.

Web App

API Service

CI/CD Pipeline

IoT Devices

PostQ Control Plane

ScannerHybrid SignerPolicy EngineDashboard

Azure Key Vault

AWS KMS

HashiCorp Vault

GCP KMS

Discovery

Quantum Risk Scanner

PostQ scans your entire cloud environment to build a comprehensive map of cryptographic algorithm usage. It identifies every instance of RSA, ECC, and other quantum-vulnerable algorithms, then calculates a risk score and generates a prioritized migration plan.

TLS certificate inventory across all endpoints
Signing key algorithm analysis
Encrypted storage cipher detection
"Harvest now, decrypt later" risk assessment
Prioritized remediation roadmap

Quantum Risk ScoreHigh Risk

72% of cryptographic operations use quantum-vulnerable algorithms

RSA-20481,247 endpoints

Critical

ECDSA P-256834 signing keys

High

AES-256-GCM2,103 data stores

Low

verify.ts

// Verify a hybrid signature
const result = await fetch("https://api.postq.io/v1/verify", {
  method: "POST",
  headers: {
    "Authorization": "Bearer pq_live_...",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    payload: "SGVsbG8gUXVhbnR1bSBXb3JsZA==",
    signature: sig.combined,
    key_id: "vault://signing/production"
  })
});

const { valid, classical_valid, pq_valid } = await result.json();
// → valid: true (both components verified)

Hybrid Cryptography

Classical + post-quantum, combined

PostQ’s hybrid signing layer combines classical algorithms (Ed25519, ECDSA) with post-quantum algorithms (Dilithium, Falcon) in a single composite signature. If either algorithm is compromised, the other still protects your data.

<5ms

Signing latency

<2ms

Verification

PEM, JWK, DER

Key formats

ML-DSA, ML-KEM

Algorithms

Governance

Policy as code for cryptography

Define cryptographic policies in YAML and apply them across your entire infrastructure. Enforce rules like “no classical-only signatures in production” and get alerts when services deviate.

Declarative YAML-based policy definitions
Enforce, warn, or audit modes per rule
Per-environment and per-service granularity
Integration with Slack, PagerDuty, and webhooks
Compliance reports for NIST SP 800-208

postq-policy.yaml

# postq-policy.yaml
apiVersion: postq.io/v1
kind: CryptoPolicy
metadata:
  name: production-enforcement
spec:
  environments:
    - production
    - staging
  rules:
    - name: require-hybrid-signing
      action: enforce
      match:
        operation: sign
      require:
        algorithm_class: hybrid
    - name: block-rsa-1024
      action: deny
      match:
        algorithm: "RSA-1024"
    - name: warn-classical-only
      action: warn
      match:
        algorithm_class: classical
      notify:
        channel: "#security-alerts"

Observability

Full visibility into your cryptographic posture

Track PQ adoption, monitor algorithm usage, and detect insecure patterns in real time across all your systems.

PostQ Dashboard — Crypto Observability

Total Endpoints

4,184

+12% this month

PQ-Ready

1,847

+28% this month

Hybrid Active

923

+45% this month

Policy Violations

-62% this month

PQ Adoption Over Time

JanMarJunSepDec

Ready to get started?

Run your first quantum risk scan and see exactly where your infrastructure is vulnerable.

Start Free Scan View Pricing