HResult 0x80090029 - error NTE_NOT_SUPPORTED for ML-KEM NCryptCreatePersistedKey

Question

Hello Team,

I am enrolled and using in Windows Insider# Window OS 26H1 (OS build 28020.1546)

Getting HResult 0x80090029 is NTE_NOT_SUPPORTED (“The requested operation is not supported”) when I tried to create ML-KEM key using Key Storage Provider - CngKey.Create to persist in Microsoft Software Key Storage Provider.

• When or in which build version NCryptCreatePersistedKey API will be available for persisting ML-KEM and ML-DSA algorithms?

I got access on ML-KEM in Windows which is exposed via BCrypt for in-memory/ephemeral keys but not getting support for create and persist in Microsoft Software Key Storage Provider on Window OS 26H1 (OS build 28020.1546).

Answer 1

Hi Saurabh_4 Gupta_4

Thanks for posting in the Microsoft Q&A Forum!

At this time, there is no announced Windows build or version where NCryptCreatePersistedKey supports ML‑KEM or ML‑DSA. In current Windows Insider builds, including 26H1, these algorithms are supported only via the BCrypt API for ephemeral (in‑memory) keys. Attempts to create or persist ML‑KEM or ML‑DSA keys through the Microsoft Software Key Storage Provider will return NTE_NOT_SUPPORTED (0x80090029).

Microsoft has not published a timeline or target build for adding NCrypt / KSP persistence support for these algorithms. When such support becomes available, it will be documented in Windows release notes and official documentations.

If this functionality is important for your scenario, you’re encouraged to submit feedback through the Windows Feedback Hub (or upvote an existing item) under Security and Privacy → Cryptography.

Have a great day!