From 3347f7e68e240f1c3c35e0d663089d1143b1f091 Mon Sep 17 00:00:00 2001
From: Kevin Jones <kevin@vcsjones.com>
Date: Fri, 20 Mar 2026 10:47:18 -0400
Subject: [PATCH] Stabilize ML-DSA X.509 PKIs with published RFC 9881.

---
 .../Cryptography/Asn1/MLDsaPrivateKeyAsn.xml  |   2 +-
 .../Asn1/MLDsaPrivateKeyBothAsn.xml           |   4 +-
 .../src/System/Security/Cryptography/MLDsa.cs |  29 --
 .../MLDsa/MLDsaTestsData.Ietf.cs              |   2 +-
 .../src/CompatibilitySuppressions.xml         | 195 ++++++++++++
 .../X509CertificateKeyAccessors.cs            |   3 -
 .../ref/System.Security.Cryptography.cs       |  34 --
 .../X509Certificates/PublicKey.cs             |   2 -
 .../X509Certificates/X509Certificate2.cs      |   3 -
 ...iCompatBaseline.NetCoreAppLatestStable.xml | 294 ++++++++++++++++++
 10 files changed, 493 insertions(+), 75 deletions(-)

diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/MLDsaPrivateKeyAsn.xml b/src/libraries/Common/src/System/Security/Cryptography/Asn1/MLDsaPrivateKeyAsn.xml
index d612dfa842722e..56044f2d0ac740 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/MLDsaPrivateKeyAsn.xml
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/MLDsaPrivateKeyAsn.xml
@@ -6,7 +6,7 @@
   emitType="ref">
 
   <!--
-    https://github.com/lamps-wg/dilithium-certificates/blob/5b23428b08a53aacdb89d93422b81228433e34d8/draft-ietf-lamps-dilithium-certificates.md
+    https://datatracker.ietf.org/doc/rfc9881/ Appendix A.
 
 ML-DSA-44-PrivateKey ::= CHOICE {
   seed [0] OCTET STRING (SIZE (32)),
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/MLDsaPrivateKeyBothAsn.xml b/src/libraries/Common/src/System/Security/Cryptography/Asn1/MLDsaPrivateKeyBothAsn.xml
index 9aef0fc9dc39fc..84ed04fb78eea0 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/MLDsaPrivateKeyBothAsn.xml
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/MLDsaPrivateKeyBothAsn.xml
@@ -6,11 +6,11 @@
   emitType="ref">
 
   <!--
-    https://github.com/lamps-wg/dilithium-certificates/blob/5b23428b08a53aacdb89d93422b81228433e34d8/draft-ietf-lamps-dilithium-certificates.md
+    https://datatracker.ietf.org/doc/rfc9881/ Appendix A.
 
   both SEQUENCE {
       seed OCTET STRING (SIZE (32)),
-      expandedKey OCTET STRING (SIZE (2560))
+      expandedKey OCTET STRING (SIZE (2560 / 4032 / 4896))
       }
   -->
   <asn:OctetString name="Seed" />
diff --git a/src/libraries/Common/src/System/Security/Cryptography/MLDsa.cs b/src/libraries/Common/src/System/Security/Cryptography/MLDsa.cs
index 21944f3c1dc180..c7cdfbf1370bfa 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/MLDsa.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/MLDsa.cs
@@ -665,7 +665,6 @@ public bool VerifyMu(ReadOnlySpan<byte> externalMu, ReadOnlySpan<byte> signature
         /// <exception cref="CryptographicException">
         ///   An error occurred while exporting the key.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public byte[] ExportSubjectPublicKeyInfo()
         {
             ThrowIfDisposed();
@@ -695,7 +694,6 @@ public byte[] ExportSubjectPublicKeyInfo()
         /// <exception cref="CryptographicException">
         ///   An error occurred while exporting the key.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public bool TryExportSubjectPublicKeyInfo(Span<byte> destination, out int bytesWritten)
         {
             ThrowIfDisposed();
@@ -718,7 +716,6 @@ public bool TryExportSubjectPublicKeyInfo(Span<byte> destination, out int bytesW
         /// <exception cref="CryptographicException">
         ///   An error occurred while exporting the key.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public string ExportSubjectPublicKeyInfoPem()
         {
             ThrowIfDisposed();
@@ -745,7 +742,6 @@ public string ExportSubjectPublicKeyInfoPem()
         ///   <para>-or-</para>
         ///   <para>An error occurred while exporting the key.</para>
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public byte[] ExportPkcs8PrivateKey()
         {
             ThrowIfDisposed();
@@ -774,7 +770,6 @@ public byte[] ExportPkcs8PrivateKey()
         /// <exception cref="CryptographicException">
         ///   An error occurred while exporting the key.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public bool TryExportPkcs8PrivateKey(Span<byte> destination, out int bytesWritten)
         {
             ThrowIfDisposed();
@@ -818,7 +813,6 @@ public bool TryExportPkcs8PrivateKey(Span<byte> destination, out int bytesWritte
         /// <exception cref="CryptographicException">
         ///   An error occurred while exporting the key.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         protected abstract bool TryExportPkcs8PrivateKeyCore(Span<byte> destination, out int bytesWritten);
 
         /// <summary>
@@ -834,7 +828,6 @@ public bool TryExportPkcs8PrivateKey(Span<byte> destination, out int bytesWritte
         /// <exception cref="CryptographicException">
         ///   An error occurred while exporting the key.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public string ExportPkcs8PrivateKeyPem()
         {
             ThrowIfDisposed();
@@ -869,7 +862,6 @@ public string ExportPkcs8PrivateKeyPem()
         ///   <para>-or-</para>
         ///   <para>An error occurred while exporting the key.</para>
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public byte[] ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<char> password, PbeParameters pbeParameters)
         {
             ArgumentNullException.ThrowIfNull(pbeParameters);
@@ -917,7 +909,6 @@ public byte[] ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<char> password, PbePar
         ///   <para>-or-</para>
         ///   <para>An error occurred while exporting the key.</para>
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public byte[] ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte> passwordBytes, PbeParameters pbeParameters)
         {
             ArgumentNullException.ThrowIfNull(pbeParameters);
@@ -940,7 +931,6 @@ public byte[] ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte> passwordBytes, P
         /// <exception cref="ArgumentNullException">
         ///   <paramref name="password"/> or <paramref name="pbeParameters"/> is <see langword="null"/>.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public byte[] ExportEncryptedPkcs8PrivateKey(string password, PbeParameters pbeParameters)
         {
             ArgumentNullException.ThrowIfNull(password);
@@ -984,7 +974,6 @@ public byte[] ExportEncryptedPkcs8PrivateKey(string password, PbeParameters pbeP
         ///   <para>-or-</para>
         ///   <para>An error occurred while exporting the key.</para>
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public bool TryExportEncryptedPkcs8PrivateKey(
             ReadOnlySpan<char> password,
             PbeParameters pbeParameters,
@@ -1045,7 +1034,6 @@ public bool TryExportEncryptedPkcs8PrivateKey(
         ///   <para>-or-</para>
         ///   <para>An error occurred while exporting the key.</para>
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public bool TryExportEncryptedPkcs8PrivateKey(
             ReadOnlySpan<byte> passwordBytes,
             PbeParameters pbeParameters,
@@ -1072,7 +1060,6 @@ public bool TryExportEncryptedPkcs8PrivateKey(
         /// <exception cref="ArgumentNullException">
         ///   <paramref name="password"/> or <paramref name="pbeParameters"/> is <see langword="null"/>.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public bool TryExportEncryptedPkcs8PrivateKey(
             string password,
             PbeParameters pbeParameters,
@@ -1112,7 +1099,6 @@ public bool TryExportEncryptedPkcs8PrivateKey(
         ///   <para>-or-</para>
         ///   <para>An error occurred while exporting the key.</para>
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public string ExportEncryptedPkcs8PrivateKeyPem(
             ReadOnlySpan<char> password,
             PbeParameters pbeParameters)
@@ -1157,7 +1143,6 @@ public string ExportEncryptedPkcs8PrivateKeyPem(
         ///   <para>-or-</para>
         ///   <para>An error occurred while exporting the key.</para>
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public string ExportEncryptedPkcs8PrivateKeyPem(
             ReadOnlySpan<byte> passwordBytes,
             PbeParameters pbeParameters)
@@ -1176,7 +1161,6 @@ public string ExportEncryptedPkcs8PrivateKeyPem(
         /// <exception cref="ArgumentNullException">
         ///   <paramref name="password"/> or <paramref name="pbeParameters"/> is <see langword="null"/>.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public string ExportEncryptedPkcs8PrivateKeyPem(
             string password,
             PbeParameters pbeParameters)
@@ -1370,7 +1354,6 @@ public static MLDsa GenerateKey(MLDsaAlgorithm algorithm)
         ///   The platform does not support ML-DSA. Callers can use the <see cref="IsSupported" /> property
         ///   to determine if the platform supports ML-DSA.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa ImportSubjectPublicKeyInfo(ReadOnlySpan<byte> source)
         {
             Helpers.ThrowIfAsnInvalidLength(source);
@@ -1397,7 +1380,6 @@ static void SubjectPublicKeyReader(ReadOnlySpan<byte> key, in ValueAlgorithmIden
         /// <exception cref="ArgumentNullException">
         ///   <paramref name="source" /> is <see langword="null" />.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa ImportSubjectPublicKeyInfo(byte[] source)
         {
             ArgumentNullException.ThrowIfNull(source);
@@ -1435,7 +1417,6 @@ public static MLDsa ImportSubjectPublicKeyInfo(byte[] source)
         ///   The platform does not support ML-DSA. Callers can use the <see cref="IsSupported" /> property
         ///   to determine if the platform supports ML-DSA.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa ImportPkcs8PrivateKey(ReadOnlySpan<byte> source)
         {
             Helpers.ThrowIfAsnInvalidLength(source);
@@ -1450,7 +1431,6 @@ public static MLDsa ImportPkcs8PrivateKey(ReadOnlySpan<byte> source)
         /// <exception cref="ArgumentNullException">
         ///   <paramref name="source" /> is <see langword="null" />.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa ImportPkcs8PrivateKey(byte[] source)
         {
             ArgumentNullException.ThrowIfNull(source);
@@ -1500,7 +1480,6 @@ public static MLDsa ImportPkcs8PrivateKey(byte[] source)
         ///   The platform does not support ML-DSA. Callers can use the <see cref="IsSupported" /> property
         ///   to determine if the platform supports ML-DSA.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa ImportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte> passwordBytes, ReadOnlySpan<byte> source)
         {
             Helpers.ThrowIfAsnInvalidLength(source);
@@ -1550,7 +1529,6 @@ public static MLDsa ImportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte> passwordBy
         ///   The platform does not support ML-DSA. Callers can use the <see cref="IsSupported" /> property
         ///   to determine if the platform supports ML-DSA.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa ImportEncryptedPkcs8PrivateKey(ReadOnlySpan<char> password, ReadOnlySpan<byte> source)
         {
             Helpers.ThrowIfAsnInvalidLength(source);
@@ -1567,7 +1545,6 @@ public static MLDsa ImportEncryptedPkcs8PrivateKey(ReadOnlySpan<char> password,
         /// <exception cref="ArgumentNullException">
         ///   <paramref name="password" /> or <paramref name="source" /> is <see langword="null" />.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa ImportEncryptedPkcs8PrivateKey(string password, byte[] source)
         {
             ArgumentNullException.ThrowIfNull(password);
@@ -1612,7 +1589,6 @@ public static MLDsa ImportEncryptedPkcs8PrivateKey(string password, byte[] sourc
         ///     </list>
         ///   </para>
         /// </remarks>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa ImportFromPem(ReadOnlySpan<char> source)
         {
             ThrowIfNotSupported();
@@ -1630,7 +1606,6 @@ public static MLDsa ImportFromPem(ReadOnlySpan<char> source)
         /// <exception cref="ArgumentNullException">
         ///   <paramref name="source" /> is <see langword="null" />.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa ImportFromPem(string source)
         {
             ArgumentNullException.ThrowIfNull(source);
@@ -1698,7 +1673,6 @@ public static MLDsa ImportFromPem(string source)
         ///   </para>
         ///   <para>This method supports the <c>ENCRYPTED PRIVATE KEY</c> PEM label.</para>
         /// </remarks>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa ImportFromEncryptedPem(ReadOnlySpan<char> source, ReadOnlySpan<char> password)
         {
             ThrowIfNotSupported();
@@ -1763,7 +1737,6 @@ public static MLDsa ImportFromEncryptedPem(ReadOnlySpan<char> source, ReadOnlySp
         ///   </para>
         ///   <para>This method supports the <c>ENCRYPTED PRIVATE KEY</c> PEM label.</para>
         /// </remarks>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa ImportFromEncryptedPem(ReadOnlySpan<char> source, ReadOnlySpan<byte> passwordBytes)
         {
             ThrowIfNotSupported();
@@ -1778,7 +1751,6 @@ public static MLDsa ImportFromEncryptedPem(ReadOnlySpan<char> source, ReadOnlySp
         /// <exception cref="ArgumentNullException">
         ///   <paramref name="source" /> or <paramref name="password" /> is <see langword="null" />.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa ImportFromEncryptedPem(string source, string password)
         {
             ArgumentNullException.ThrowIfNull(source);
@@ -1792,7 +1764,6 @@ public static MLDsa ImportFromEncryptedPem(string source, string password)
         /// <exception cref="ArgumentNullException">
         ///   <paramref name="source" /> or <paramref name="passwordBytes" /> is <see langword="null" />.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa ImportFromEncryptedPem(string source, byte[] passwordBytes)
         {
             ArgumentNullException.ThrowIfNull(source);
diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/MLDsa/MLDsaTestsData.Ietf.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/MLDsa/MLDsaTestsData.Ietf.cs
index b2d5fce556a279..7db1588e6c15ff 100644
--- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/MLDsa/MLDsaTestsData.Ietf.cs
+++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/MLDsa/MLDsaTestsData.Ietf.cs
@@ -11,7 +11,7 @@ namespace System.Security.Cryptography.Tests
 {
     public static partial class MLDsaTestsData
     {
-        // Data is from https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/09/
+        // Data is from https://datatracker.ietf.org/doc/rfc9881/ Appendix C.
         internal static partial MLDsaKeyInfo IetfMLDsa44 => field ??= new MLDsaKeyInfo(
             MLDsaAlgorithm.MLDsa44,
                                  "d7b2b47254aae0db45e7930d4a98d2c97d8f1397d17" +
diff --git a/src/libraries/Microsoft.Bcl.Cryptography/src/CompatibilitySuppressions.xml b/src/libraries/Microsoft.Bcl.Cryptography/src/CompatibilitySuppressions.xml
index c5a74a9d8396cf..af71d1f7e00f09 100644
--- a/src/libraries/Microsoft.Bcl.Cryptography/src/CompatibilitySuppressions.xml
+++ b/src/libraries/Microsoft.Bcl.Cryptography/src/CompatibilitySuppressions.xml
@@ -1,6 +1,13 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!-- https://learn.microsoft.com/dotnet/fundamentals/package-validation/diagnostic-ids -->
 <Suppressions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509CertificateKeyAccessors.CopyWithPrivateKey(System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.MLDsa):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Right>
+    <IsBaselineSuppression>true</IsBaselineSuppression>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.X509CertificateKeyAccessors.CopyWithPrivateKey(System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.MLKem):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
@@ -8,6 +15,20 @@
     <Right>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Right>
     <IsBaselineSuppression>true</IsBaselineSuppression>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509CertificateKeyAccessors.GetMLDsaPrivateKey(System.Security.Cryptography.X509Certificates.X509Certificate2):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Right>
+    <IsBaselineSuppression>true</IsBaselineSuppression>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509CertificateKeyAccessors.GetMLDsaPublicKey(System.Security.Cryptography.X509Certificates.X509Certificate2):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Right>
+    <IsBaselineSuppression>true</IsBaselineSuppression>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.X509CertificateKeyAccessors.GetMLKemPrivateKey(System.Security.Cryptography.X509Certificates.X509Certificate2):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
@@ -22,6 +43,180 @@
     <Right>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Right>
     <IsBaselineSuppression>true</IsBaselineSuppression>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportEncryptedPkcs8PrivateKey(System.ReadOnlySpan{System.Byte},System.Security.Cryptography.PbeParameters):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportEncryptedPkcs8PrivateKey(System.ReadOnlySpan{System.Char},System.Security.Cryptography.PbeParameters):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportEncryptedPkcs8PrivateKey(System.String,System.Security.Cryptography.PbeParameters):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportEncryptedPkcs8PrivateKeyPem(System.ReadOnlySpan{System.Byte},System.Security.Cryptography.PbeParameters):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportEncryptedPkcs8PrivateKeyPem(System.ReadOnlySpan{System.Char},System.Security.Cryptography.PbeParameters):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportEncryptedPkcs8PrivateKeyPem(System.String,System.Security.Cryptography.PbeParameters):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportPkcs8PrivateKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportPkcs8PrivateKeyPem:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportSubjectPublicKeyInfo:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportSubjectPublicKeyInfoPem:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportEncryptedPkcs8PrivateKey(System.ReadOnlySpan{System.Byte},System.ReadOnlySpan{System.Byte}):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportEncryptedPkcs8PrivateKey(System.ReadOnlySpan{System.Char},System.ReadOnlySpan{System.Byte}):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportEncryptedPkcs8PrivateKey(System.String,System.Byte[]):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportFromEncryptedPem(System.ReadOnlySpan{System.Char},System.ReadOnlySpan{System.Byte}):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportFromEncryptedPem(System.ReadOnlySpan{System.Char},System.ReadOnlySpan{System.Char}):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportFromEncryptedPem(System.String,System.Byte[]):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportFromEncryptedPem(System.String,System.String):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportFromPem(System.ReadOnlySpan{System.Char}):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportFromPem(System.String):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportPkcs8PrivateKey(System.Byte[]):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportPkcs8PrivateKey(System.ReadOnlySpan{System.Byte}):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportSubjectPublicKeyInfo(System.Byte[]):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportSubjectPublicKeyInfo(System.ReadOnlySpan{System.Byte}):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.TryExportEncryptedPkcs8PrivateKey(System.ReadOnlySpan{System.Byte},System.Security.Cryptography.PbeParameters,System.Span{System.Byte},System.Int32@):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.TryExportEncryptedPkcs8PrivateKey(System.ReadOnlySpan{System.Char},System.Security.Cryptography.PbeParameters,System.Span{System.Byte},System.Int32@):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.TryExportEncryptedPkcs8PrivateKey(System.String,System.Security.Cryptography.PbeParameters,System.Span{System.Byte},System.Int32@):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.TryExportPkcs8PrivateKey(System.Span{System.Byte},System.Int32@):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.TryExportPkcs8PrivateKeyCore(System.Span{System.Byte},System.Int32@):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.TryExportSubjectPublicKeyInfo(System.Span{System.Byte},System.Int32@):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>lib/net10.0/Microsoft.Bcl.Cryptography.dll</Left>
+    <Right>lib/net11.0/Microsoft.Bcl.Cryptography.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.MLKem.ExportEncryptedPkcs8PrivateKey(System.ReadOnlySpan{System.Byte},System.Security.Cryptography.PbeParameters):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
diff --git a/src/libraries/Microsoft.Bcl.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateKeyAccessors.cs b/src/libraries/Microsoft.Bcl.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateKeyAccessors.cs
index 9d3e37af1d8506..f660dbd297516f 100644
--- a/src/libraries/Microsoft.Bcl.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateKeyAccessors.cs
+++ b/src/libraries/Microsoft.Bcl.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateKeyAccessors.cs
@@ -149,7 +149,6 @@ public static X509Certificate2 CopyWithPrivateKey(this X509Certificate2 certific
         /// <exception cref="CryptographicException">
         ///   The public key was invalid, or otherwise could not be imported.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa? GetMLDsaPublicKey(this X509Certificate2 certificate)
         {
             ArgumentNullException.ThrowIfNull(certificate);
@@ -194,7 +193,6 @@ public static X509Certificate2 CopyWithPrivateKey(this X509Certificate2 certific
         /// <exception cref="CryptographicException">
         ///   An error occurred accessing the private key.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static MLDsa? GetMLDsaPrivateKey(this X509Certificate2 certificate)
         {
             ArgumentNullException.ThrowIfNull(certificate);
@@ -244,7 +242,6 @@ public static X509Certificate2 CopyWithPrivateKey(this X509Certificate2 certific
         /// <exception cref="PlatformNotSupportedException">
         ///   Combining a certificate and an ML-DSA private key is not supported on this platform.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public static X509Certificate2 CopyWithPrivateKey(this X509Certificate2 certificate, MLDsa privateKey)
         {
             ArgumentNullException.ThrowIfNull(certificate);
diff --git a/src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs b/src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs
index fd5b675a60f8e0..04cb0d4ac85d74 100644
--- a/src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs
+++ b/src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs
@@ -2033,17 +2033,11 @@ protected MLDsa(System.Security.Cryptography.MLDsaAlgorithm algorithm) { }
         public static bool IsSupported { get { throw null; } }
         public void Dispose() { }
         protected virtual void Dispose(bool disposing) { }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public byte[] ExportEncryptedPkcs8PrivateKey(System.ReadOnlySpan<byte> passwordBytes, System.Security.Cryptography.PbeParameters pbeParameters) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public byte[] ExportEncryptedPkcs8PrivateKey(System.ReadOnlySpan<char> password, System.Security.Cryptography.PbeParameters pbeParameters) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public byte[] ExportEncryptedPkcs8PrivateKey(string password, System.Security.Cryptography.PbeParameters pbeParameters) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public string ExportEncryptedPkcs8PrivateKeyPem(System.ReadOnlySpan<byte> passwordBytes, System.Security.Cryptography.PbeParameters pbeParameters) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public string ExportEncryptedPkcs8PrivateKeyPem(System.ReadOnlySpan<char> password, System.Security.Cryptography.PbeParameters pbeParameters) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public string ExportEncryptedPkcs8PrivateKeyPem(string password, System.Security.Cryptography.PbeParameters pbeParameters) { throw null; }
         public byte[] ExportMLDsaPrivateKey() { throw null; }
         public void ExportMLDsaPrivateKey(System.Span<byte> destination) { }
@@ -2054,32 +2048,19 @@ public void ExportMLDsaPrivateSeed(System.Span<byte> destination) { }
         public byte[] ExportMLDsaPublicKey() { throw null; }
         public void ExportMLDsaPublicKey(System.Span<byte> destination) { }
         protected abstract void ExportMLDsaPublicKeyCore(System.Span<byte> destination);
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public byte[] ExportPkcs8PrivateKey() { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public string ExportPkcs8PrivateKeyPem() { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public byte[] ExportSubjectPublicKeyInfo() { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public string ExportSubjectPublicKeyInfoPem() { throw null; }
         public static System.Security.Cryptography.MLDsa GenerateKey(System.Security.Cryptography.MLDsaAlgorithm algorithm) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public static System.Security.Cryptography.MLDsa ImportEncryptedPkcs8PrivateKey(System.ReadOnlySpan<byte> passwordBytes, System.ReadOnlySpan<byte> source) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public static System.Security.Cryptography.MLDsa ImportEncryptedPkcs8PrivateKey(System.ReadOnlySpan<char> password, System.ReadOnlySpan<byte> source) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public static System.Security.Cryptography.MLDsa ImportEncryptedPkcs8PrivateKey(string password, byte[] source) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public static System.Security.Cryptography.MLDsa ImportFromEncryptedPem(System.ReadOnlySpan<char> source, System.ReadOnlySpan<byte> passwordBytes) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public static System.Security.Cryptography.MLDsa ImportFromEncryptedPem(System.ReadOnlySpan<char> source, System.ReadOnlySpan<char> password) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public static System.Security.Cryptography.MLDsa ImportFromEncryptedPem(string source, byte[] passwordBytes) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public static System.Security.Cryptography.MLDsa ImportFromEncryptedPem(string source, string password) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public static System.Security.Cryptography.MLDsa ImportFromPem(System.ReadOnlySpan<char> source) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public static System.Security.Cryptography.MLDsa ImportFromPem(string source) { throw null; }
         public static System.Security.Cryptography.MLDsa ImportMLDsaPrivateKey(System.Security.Cryptography.MLDsaAlgorithm algorithm, byte[] source) { throw null; }
         public static System.Security.Cryptography.MLDsa ImportMLDsaPrivateKey(System.Security.Cryptography.MLDsaAlgorithm algorithm, System.ReadOnlySpan<byte> source) { throw null; }
@@ -2087,13 +2068,9 @@ public void ExportMLDsaPublicKey(System.Span<byte> destination) { }
         public static System.Security.Cryptography.MLDsa ImportMLDsaPrivateSeed(System.Security.Cryptography.MLDsaAlgorithm algorithm, System.ReadOnlySpan<byte> source) { throw null; }
         public static System.Security.Cryptography.MLDsa ImportMLDsaPublicKey(System.Security.Cryptography.MLDsaAlgorithm algorithm, byte[] source) { throw null; }
         public static System.Security.Cryptography.MLDsa ImportMLDsaPublicKey(System.Security.Cryptography.MLDsaAlgorithm algorithm, System.ReadOnlySpan<byte> source) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public static System.Security.Cryptography.MLDsa ImportPkcs8PrivateKey(byte[] source) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public static System.Security.Cryptography.MLDsa ImportPkcs8PrivateKey(System.ReadOnlySpan<byte> source) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public static System.Security.Cryptography.MLDsa ImportSubjectPublicKeyInfo(byte[] source) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public static System.Security.Cryptography.MLDsa ImportSubjectPublicKeyInfo(System.ReadOnlySpan<byte> source) { throw null; }
         public byte[] SignData(byte[] data, byte[]? context = null) { throw null; }
         public void SignData(System.ReadOnlySpan<byte> data, System.Span<byte> destination, System.ReadOnlySpan<byte> context = default(System.ReadOnlySpan<byte>)) { }
@@ -2112,17 +2089,11 @@ public void SignMu(System.ReadOnlySpan<byte> externalMu, System.Span<byte> desti
         public void SignPreHash(System.ReadOnlySpan<byte> hash, System.Span<byte> destination, string hashAlgorithmOid, System.ReadOnlySpan<byte> context = default(System.ReadOnlySpan<byte>)) { }
         [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         protected abstract void SignPreHashCore(System.ReadOnlySpan<byte> hash, System.ReadOnlySpan<byte> context, string hashAlgorithmOid, System.Span<byte> destination);
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public bool TryExportEncryptedPkcs8PrivateKey(System.ReadOnlySpan<byte> passwordBytes, System.Security.Cryptography.PbeParameters pbeParameters, System.Span<byte> destination, out int bytesWritten) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public bool TryExportEncryptedPkcs8PrivateKey(System.ReadOnlySpan<char> password, System.Security.Cryptography.PbeParameters pbeParameters, System.Span<byte> destination, out int bytesWritten) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public bool TryExportEncryptedPkcs8PrivateKey(string password, System.Security.Cryptography.PbeParameters pbeParameters, System.Span<byte> destination, out int bytesWritten) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public bool TryExportPkcs8PrivateKey(System.Span<byte> destination, out int bytesWritten) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         protected abstract bool TryExportPkcs8PrivateKeyCore(System.Span<byte> destination, out int bytesWritten);
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public bool TryExportSubjectPublicKeyInfo(System.Span<byte> destination, out int bytesWritten) { throw null; }
         public bool VerifyData(byte[] data, byte[] signature, byte[]? context = null) { throw null; }
         public bool VerifyData(System.ReadOnlySpan<byte> data, System.ReadOnlySpan<byte> signature, System.ReadOnlySpan<byte> context = default(System.ReadOnlySpan<byte>)) { throw null; }
@@ -3593,7 +3564,6 @@ public sealed partial class PublicKey
         public PublicKey(System.Security.Cryptography.AsymmetricAlgorithm key) { }
         [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006")]
         public PublicKey(System.Security.Cryptography.CompositeMLDsa key) { }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006")]
         public PublicKey(System.Security.Cryptography.MLDsa key) { }
         public PublicKey(System.Security.Cryptography.MLKem key) { }
         public PublicKey(System.Security.Cryptography.Oid oid, System.Security.Cryptography.AsnEncodedData? parameters, System.Security.Cryptography.AsnEncodedData keyValue) { }
@@ -3617,7 +3587,6 @@ public PublicKey(System.Security.Cryptography.SlhDsa key) { }
         public System.Security.Cryptography.ECDiffieHellman? GetECDiffieHellmanPublicKey() { throw null; }
         [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")]
         public System.Security.Cryptography.ECDsa? GetECDsaPublicKey() { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")]
         public System.Security.Cryptography.MLDsa? GetMLDsaPublicKey() { throw null; }
         [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")]
@@ -3938,7 +3907,6 @@ public X509Certificate2(string fileName, string? password, System.Security.Crypt
         [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public System.Security.Cryptography.X509Certificates.X509Certificate2 CopyWithPrivateKey(System.Security.Cryptography.CompositeMLDsa privateKey) { throw null; }
         public System.Security.Cryptography.X509Certificates.X509Certificate2 CopyWithPrivateKey(System.Security.Cryptography.ECDiffieHellman privateKey) { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public System.Security.Cryptography.X509Certificates.X509Certificate2 CopyWithPrivateKey(System.Security.Cryptography.MLDsa privateKey) { throw null; }
         public System.Security.Cryptography.X509Certificates.X509Certificate2 CopyWithPrivateKey(System.Security.Cryptography.MLKem privateKey) { throw null; }
         [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
@@ -3966,9 +3934,7 @@ public X509Certificate2(string fileName, string? password, System.Security.Crypt
         public System.Security.Cryptography.CompositeMLDsa? GetCompositeMLDsaPublicKey() { throw null; }
         public System.Security.Cryptography.ECDiffieHellman? GetECDiffieHellmanPrivateKey() { throw null; }
         public System.Security.Cryptography.ECDiffieHellman? GetECDiffieHellmanPublicKey() { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public System.Security.Cryptography.MLDsa? GetMLDsaPrivateKey() { throw null; }
-        [System.Diagnostics.CodeAnalysis.ExperimentalAttribute("SYSLIB5006", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public System.Security.Cryptography.MLDsa? GetMLDsaPublicKey() { throw null; }
         public System.Security.Cryptography.MLKem? GetMLKemPrivateKey() { throw null; }
         public System.Security.Cryptography.MLKem? GetMLKemPublicKey() { throw null; }
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/PublicKey.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/PublicKey.cs
index 0905992bd64694..a59f008ae7a01f 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/PublicKey.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/PublicKey.cs
@@ -85,7 +85,6 @@ public PublicKey(MLKem key) : this(key.ExportSubjectPublicKeyInfo())
         /// <see cref="MLDsa.ExportSubjectPublicKeyInfo" /> must return a
         /// valid ASN.1-DER encoded X.509 SubjectPublicKeyInfo.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId)]
         public PublicKey(MLDsa key) : this(key.ExportSubjectPublicKeyInfo())
         {
         }
@@ -379,7 +378,6 @@ public static PublicKey CreateFromSubjectPublicKeyInfo(ReadOnlySpan<byte> source
         /// <exception cref="CryptographicException">
         ///   The key contents are corrupt or could not be read successfully.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         [UnsupportedOSPlatform("browser")]
         public MLDsa? GetMLDsaPublicKey()
         {
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
index e90a05c8a22613..85e7f0a4434f73 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
@@ -891,7 +891,6 @@ public X509Certificate2 CopyWithPrivateKey(MLKem privateKey)
         /// <exception cref="CryptographicException">
         ///   The public key was invalid, or otherwise could not be imported.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public MLDsa? GetMLDsaPublicKey()
         {
             MLDsaAlgorithm? algorithm = MLDsaAlgorithm.GetMLDsaAlgorithmFromOid(GetKeyAlgorithm());
@@ -914,7 +913,6 @@ public X509Certificate2 CopyWithPrivateKey(MLKem privateKey)
         /// <exception cref="CryptographicException">
         ///   An error occurred accessing the private key.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public MLDsa? GetMLDsaPrivateKey()
         {
             MLDsaAlgorithm? algorithm = MLDsaAlgorithm.GetMLDsaAlgorithmFromOid(GetKeyAlgorithm());
@@ -947,7 +945,6 @@ public X509Certificate2 CopyWithPrivateKey(MLKem privateKey)
         /// <exception cref="InvalidOperationException">
         ///   The certificate already has an associated private key.
         /// </exception>
-        [Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
         public X509Certificate2 CopyWithPrivateKey(MLDsa privateKey)
         {
             ArgumentNullException.ThrowIfNull(privateKey);
diff --git a/src/libraries/apicompat/ApiCompatBaseline.NetCoreAppLatestStable.xml b/src/libraries/apicompat/ApiCompatBaseline.NetCoreAppLatestStable.xml
index 8cde111fd924bb..08762ea745bf52 100644
--- a/src/libraries/apicompat/ApiCompatBaseline.NetCoreAppLatestStable.xml
+++ b/src/libraries/apicompat/ApiCompatBaseline.NetCoreAppLatestStable.xml
@@ -145,24 +145,54 @@
     <Left>net10.0/System.Runtime.Intrinsics.dll</Left>
     <Right>net11.0/System.Runtime.Intrinsics.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.#ctor(System.Security.Cryptography.MLDsa):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/netstandard.dll</Left>
+    <Right>net11.0/netstandard.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.#ctor(System.Security.Cryptography.MLKem):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
     <Left>net10.0/netstandard.dll</Left>
     <Right>net11.0/netstandard.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.GetMLDsaPublicKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/netstandard.dll</Left>
+    <Right>net11.0/netstandard.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.GetMLKemPublicKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
     <Left>net10.0/netstandard.dll</Left>
     <Right>net11.0/netstandard.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.CopyWithPrivateKey(System.Security.Cryptography.MLDsa):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/netstandard.dll</Left>
+    <Right>net11.0/netstandard.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.CopyWithPrivateKey(System.Security.Cryptography.MLKem):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
     <Left>net10.0/netstandard.dll</Left>
     <Right>net11.0/netstandard.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.GetMLDsaPrivateKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/netstandard.dll</Left>
+    <Right>net11.0/netstandard.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.GetMLDsaPublicKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/netstandard.dll</Left>
+    <Right>net11.0/netstandard.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.GetMLKemPrivateKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
@@ -175,24 +205,54 @@
     <Left>net10.0/netstandard.dll</Left>
     <Right>net11.0/netstandard.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.#ctor(System.Security.Cryptography.MLDsa):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.dll</Left>
+    <Right>net11.0/System.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.#ctor(System.Security.Cryptography.MLKem):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
     <Left>net10.0/System.dll</Left>
     <Right>net11.0/System.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.GetMLDsaPublicKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.dll</Left>
+    <Right>net11.0/System.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.GetMLKemPublicKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
     <Left>net10.0/System.dll</Left>
     <Right>net11.0/System.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.CopyWithPrivateKey(System.Security.Cryptography.MLDsa):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.dll</Left>
+    <Right>net11.0/System.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.CopyWithPrivateKey(System.Security.Cryptography.MLKem):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
     <Left>net10.0/System.dll</Left>
     <Right>net11.0/System.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.GetMLDsaPrivateKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.dll</Left>
+    <Right>net11.0/System.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.GetMLDsaPublicKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.dll</Left>
+    <Right>net11.0/System.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.GetMLKemPrivateKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
@@ -271,6 +331,180 @@
     <Left>net10.0/System.Runtime.dll</Left>
     <Right>net11.0/System.Runtime.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportEncryptedPkcs8PrivateKey(System.ReadOnlySpan{System.Byte},System.Security.Cryptography.PbeParameters):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportEncryptedPkcs8PrivateKey(System.ReadOnlySpan{System.Char},System.Security.Cryptography.PbeParameters):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportEncryptedPkcs8PrivateKey(System.String,System.Security.Cryptography.PbeParameters):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportEncryptedPkcs8PrivateKeyPem(System.ReadOnlySpan{System.Byte},System.Security.Cryptography.PbeParameters):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportEncryptedPkcs8PrivateKeyPem(System.ReadOnlySpan{System.Char},System.Security.Cryptography.PbeParameters):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportEncryptedPkcs8PrivateKeyPem(System.String,System.Security.Cryptography.PbeParameters):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportPkcs8PrivateKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportPkcs8PrivateKeyPem:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportSubjectPublicKeyInfo:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ExportSubjectPublicKeyInfoPem:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportEncryptedPkcs8PrivateKey(System.ReadOnlySpan{System.Byte},System.ReadOnlySpan{System.Byte}):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportEncryptedPkcs8PrivateKey(System.ReadOnlySpan{System.Char},System.ReadOnlySpan{System.Byte}):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportEncryptedPkcs8PrivateKey(System.String,System.Byte[]):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportFromEncryptedPem(System.ReadOnlySpan{System.Char},System.ReadOnlySpan{System.Byte}):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportFromEncryptedPem(System.ReadOnlySpan{System.Char},System.ReadOnlySpan{System.Char}):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportFromEncryptedPem(System.String,System.Byte[]):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportFromEncryptedPem(System.String,System.String):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportFromPem(System.ReadOnlySpan{System.Char}):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportFromPem(System.String):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportPkcs8PrivateKey(System.Byte[]):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportPkcs8PrivateKey(System.ReadOnlySpan{System.Byte}):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportSubjectPublicKeyInfo(System.Byte[]):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.ImportSubjectPublicKeyInfo(System.ReadOnlySpan{System.Byte}):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.TryExportEncryptedPkcs8PrivateKey(System.ReadOnlySpan{System.Byte},System.Security.Cryptography.PbeParameters,System.Span{System.Byte},System.Int32@):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.TryExportEncryptedPkcs8PrivateKey(System.ReadOnlySpan{System.Char},System.Security.Cryptography.PbeParameters,System.Span{System.Byte},System.Int32@):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.TryExportEncryptedPkcs8PrivateKey(System.String,System.Security.Cryptography.PbeParameters,System.Span{System.Byte},System.Int32@):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.TryExportPkcs8PrivateKey(System.Span{System.Byte},System.Int32@):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.TryExportPkcs8PrivateKeyCore(System.Span{System.Byte},System.Int32@):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.MLDsa.TryExportSubjectPublicKeyInfo(System.Span{System.Byte},System.Int32@):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.MLKem.ExportEncryptedPkcs8PrivateKey(System.ReadOnlySpan{System.Byte},System.Security.Cryptography.PbeParameters):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
@@ -445,24 +679,54 @@
     <Left>net10.0/System.Security.Cryptography.dll</Left>
     <Right>net11.0/System.Security.Cryptography.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.#ctor(System.Security.Cryptography.MLDsa):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.#ctor(System.Security.Cryptography.MLKem):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
     <Left>net10.0/System.Security.Cryptography.dll</Left>
     <Right>net11.0/System.Security.Cryptography.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.GetMLDsaPublicKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.GetMLKemPublicKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
     <Left>net10.0/System.Security.Cryptography.dll</Left>
     <Right>net11.0/System.Security.Cryptography.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.CopyWithPrivateKey(System.Security.Cryptography.MLDsa):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.CopyWithPrivateKey(System.Security.Cryptography.MLKem):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
     <Left>net10.0/System.Security.Cryptography.dll</Left>
     <Right>net11.0/System.Security.Cryptography.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.GetMLDsaPrivateKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.GetMLDsaPublicKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.GetMLKemPrivateKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
@@ -475,24 +739,54 @@
     <Left>net10.0/System.Security.Cryptography.dll</Left>
     <Right>net11.0/System.Security.Cryptography.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.#ctor(System.Security.Cryptography.MLDsa):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.X509Certificates.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.X509Certificates.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.#ctor(System.Security.Cryptography.MLKem):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
     <Left>net10.0/System.Security.Cryptography.X509Certificates.dll</Left>
     <Right>net11.0/System.Security.Cryptography.X509Certificates.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.GetMLDsaPublicKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.X509Certificates.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.X509Certificates.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.PublicKey.GetMLKemPublicKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
     <Left>net10.0/System.Security.Cryptography.X509Certificates.dll</Left>
     <Right>net11.0/System.Security.Cryptography.X509Certificates.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.CopyWithPrivateKey(System.Security.Cryptography.MLDsa):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.X509Certificates.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.X509Certificates.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.CopyWithPrivateKey(System.Security.Cryptography.MLKem):[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
     <Left>net10.0/System.Security.Cryptography.X509Certificates.dll</Left>
     <Right>net11.0/System.Security.Cryptography.X509Certificates.dll</Right>
   </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.GetMLDsaPrivateKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.X509Certificates.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.X509Certificates.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0014</DiagnosticId>
+    <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.GetMLDsaPublicKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>
+    <Left>net10.0/System.Security.Cryptography.X509Certificates.dll</Left>
+    <Right>net11.0/System.Security.Cryptography.X509Certificates.dll</Right>
+  </Suppression>
   <Suppression>
     <DiagnosticId>CP0014</DiagnosticId>
     <Target>M:System.Security.Cryptography.X509Certificates.X509Certificate2.GetMLKemPrivateKey:[T:System.Diagnostics.CodeAnalysis.ExperimentalAttribute]</Target>