Quantum-Resilient Encryption Kit - Python SDK
Project description
qREK Python SDK
Python bindings for qREK - Quantum-Resilient Encryption Kit.
Generate cryptographic keys using real quantum entropy from the QSE API.
Installation
pip install qrek
Quick Start
import os
from qrek import PyQrekClient
# Set your API token
os.environ['QREK_API_TOKEN'] = 'your-qse-api-token'
# Initialize client
client = PyQrekClient()
# Generate AES-256 key with quantum entropy
aes_result = client.generate_aes_key()
print(f"Key: {aes_result['key_base64']}")
print(f"Entropy ID: {aes_result['entropy_id']}")
Features
- AES-256 Key Generation - Quantum-entropy-seeded symmetric keys
- RSA Keypair Generation - 2048/3072/4096-bit keypairs
- File Encryption/Decryption - XChaCha20-Poly1305 authenticated encryption
- Stream Encryption - Chunked encryption for large files
- Container Inspection - View metadata without decryption key
- Ed25519 Signatures - Sign and verify container headers
- Hybrid Encryption - RSA-OAEP key wrapping
- Full Provenance - Track WHO/WHEN/WHY/ENTROPY_ID
API Reference
Initialize Client
from qrek import PyQrekClient
# Option 1: Use QREK_API_TOKEN environment variable
client = PyQrekClient()
# Option 2: Pass token directly
client = PyQrekClient('your-qse-api-token')
Generate AES-256 Key
result = client.generate_aes_key()
print(result['key_base64']) # Base64-encoded 256-bit key
print(result['key_hex']) # Hex-encoded key
print(result['entropy_id']) # QSE entropy identifier
print(result['signature_verified']) # True if QSE signature valid
Generate RSA Keypair
# Supported sizes: 2048, 3072, 4096
result = client.generate_rsa_keypair(2048)
print(result['private_key_pem']) # PKCS#8 PEM format
print(result['public_key_pem']) # Public key PEM
print(result['entropy_id']) # QSE entropy identifier
print(result['signature_verified']) # True if QSE signature valid
Encrypt File
Encrypt a file with XChaCha20-Poly1305 authenticated encryption.
# First generate a key
key_result = client.generate_aes_key()
key_base64 = key_result['key_base64']
# Encrypt file
result = client.encrypt_file(
input_path='secret.txt',
output_path='secret.qrek',
key_base64=key_base64,
creator='user@example.com', # Optional: who encrypted
purpose='Secure backup' # Optional: why encrypted
)
print(result['output_path']) # Path to encrypted file
print(result['bytes_encrypted']) # Number of bytes encrypted
print(result['entropy_id']) # Entropy used for this operation
Decrypt File
result = client.decrypt_file(
input_path='secret.qrek',
output_path='secret_decrypted.txt',
key_base64=key_base64
)
print(result['output_path']) # Path to decrypted file
print(result['bytes_decrypted']) # Number of bytes decrypted
Inspect Container (Without Decryption Key)
View encrypted file metadata without needing the decryption key - perfect for auditing and compliance.
info = client.inspect_container('secret.qrek')
print(info['magic']) # "qREKv1" - file format
print(info['algorithm']) # "XChaCha20-Poly1305"
print(info['creator']) # Who encrypted the file
print(info['purpose']) # Why it was encrypted
print(info['created_at']) # When it was encrypted
print(info['entropy_id']) # QSE entropy ID used
print(info['key_provenance_valid']) # True if provenance is valid
Use Case: Compliance Auditing
# Auditor can verify encryption metadata without accessing the data
info = client.inspect_container('confidential.qrek')
if info['key_provenance_valid']:
print(f"✓ File encrypted by: {info['creator']}")
print(f"✓ Encrypted on: {info['created_at']}")
print(f"✓ Quantum entropy: {info['entropy_id']}")
print(f"✓ Algorithm: {info['algorithm']}")
else:
print("⚠ Warning: Key provenance could not be verified")
Stream Encryption (Large Files)
For files too large to fit in memory:
# Encrypt large file in chunks
result = client.encrypt_stream(
input_path='large_video.mp4',
output_path='large_video.qrek',
key_base64=key_base64,
chunk_size=65536, # 64KB chunks (default)
creator='backup-service',
purpose='Video archive'
)
print(result['bytes_encrypted'])
print(result['chunks_processed'])
# Decrypt
result = client.decrypt_stream(
input_path='large_video.qrek',
output_path='large_video_restored.mp4',
key_base64=key_base64
)
In-Memory Encryption
Encrypt data without writing to disk:
plaintext = b'Sensitive data to encrypt'
# Encrypt
encrypted = client.aes_encrypt(list(plaintext), key_base64)
ciphertext = encrypted['ciphertext']
nonce = encrypted['nonce']
tag = encrypted['tag']
# Decrypt
decrypted = client.aes_decrypt(ciphertext, nonce, tag, key_base64)
original = bytes(decrypted)
Hybrid Encryption (RSA-OAEP)
Wrap symmetric keys with RSA for secure key exchange:
# Generate RSA keypair
rsa = client.generate_rsa_keypair(2048)
# Generate symmetric key
sym_key = client.generate_aes_key()
# Encrypt symmetric key with RSA public key
encrypted_key = client.encrypt_key_rsa_oaep(
sym_key['key_base64'],
rsa['public_key_pem']
)
# Decrypt symmetric key with RSA private key
decrypted_key = client.decrypt_key_rsa_oaep(
encrypted_key,
rsa['private_key_pem']
)
Ed25519 Header Signing (v0.0.3+)
Sign and verify container headers for tamper detection:
# Generate Ed25519 keypair
keys = client.generate_ed25519_keypair()
signing_key = keys['signing_key_hex']
verifying_key = keys['verifying_key_hex']
# Sign container header
signature = client.sign_container_header('file.qrek', signing_key)
print(signature['signature_base64'])
print(signature['algorithm']) # "Ed25519"
# Verify header
result = client.verify_container_header('file.qrek', verifying_key)
print(result['verified'])
print(result['has_signature'])
Complete Example
import os
from qrek import PyQrekClient
# Setup
os.environ['QREK_API_TOKEN'] = 'your-qse-api-token'
client = PyQrekClient()
# 1. Generate encryption key
key = client.generate_aes_key()
print(f"Generated key with entropy: {key['entropy_id']}")
# 2. Encrypt a file
client.encrypt_file(
'confidential.pdf',
'confidential.qrek',
key['key_base64'],
creator='alice@company.com',
purpose='HR confidential document'
)
print("File encrypted successfully")
# 3. Inspect without decryption (for auditing)
info = client.inspect_container('confidential.qrek')
print(f"Encrypted by: {info['creator']}")
print(f"Created at: {info['created_at']}")
print(f"Quantum verified: {info['key_provenance_valid']}")
# 4. Decrypt when needed
client.decrypt_file(
'confidential.qrek',
'confidential_restored.pdf',
key['key_base64']
)
print("File decrypted successfully")
Environment Variables
| Variable | Description | Required |
|---|---|---|
QREK_API_TOKEN |
Your QSE API token | Yes |
QREK_API_URL |
Custom API endpoint | No |
Error Handling
try:
result = client.generate_aes_key()
except RuntimeError as e:
print(f"Error: {e}")
License
MIT OR Apache-2.0
Links
- Repository: https://github.com/qsegroup/qREK
- Documentation: https://github.com/qsegroup/qREK/tree/main/docs
- Issues: https://github.com/qsegroup/qREK/issues
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file qrek-0.0.3-cp38-abi3-win_amd64.whl.
File metadata
- Download URL: qrek-0.0.3-cp38-abi3-win_amd64.whl
- Upload date:
- Size: 2.4 MB
- Tags: CPython 3.8+, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8da6bf04b322bab912ff7c05a83a3dced37dea5eac520771fd94005c77f4d8d6
|
|
| MD5 |
10aa14628bee16ea406cb76ed3fc5066
|
|
| BLAKE2b-256 |
5ba0c6c8680581a7115e7c347ef6a20b4b14c5b890cf5530d56162994ccd6f2b
|
File details
Details for the file qrek-0.0.3-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: qrek-0.0.3-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 2.6 MB
- Tags: CPython 3.8+, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
71ef821de4a8e1be7ea3a50afe5fb28639bbb05cdfa5c4cd7584c1f6bc9c2c9f
|
|
| MD5 |
40e67cac4d97f9e822ff53c872c31cef
|
|
| BLAKE2b-256 |
8c359130674cc3e1c71d17a82c3b82c8170bfe5b60ea96c3d412b1b5284e3899
|
File details
Details for the file qrek-0.0.3-cp38-abi3-macosx_11_0_arm64.whl.
File metadata
- Download URL: qrek-0.0.3-cp38-abi3-macosx_11_0_arm64.whl
- Upload date:
- Size: 2.3 MB
- Tags: CPython 3.8+, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3644a6572bdf87307949a34475858d86278c53c98770fc31ce82e5c052b1ba95
|
|
| MD5 |
73d8babbaa1284c7aa6f40d1bfcaec18
|
|
| BLAKE2b-256 |
004d9af6d0ff9289a027a6d86c096d6ee8fadd6288544f6a8dd78f38d0a128fe
|
File details
Details for the file qrek-0.0.3-cp38-abi3-macosx_10_12_x86_64.whl.
File metadata
- Download URL: qrek-0.0.3-cp38-abi3-macosx_10_12_x86_64.whl
- Upload date:
- Size: 2.4 MB
- Tags: CPython 3.8+, macOS 10.12+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c88b078896b665e2118b64f8ee32408f9211c0405ed33942699484ab833b1def
|
|
| MD5 |
0e84bc12aeccd0a7fdde60414655d4de
|
|
| BLAKE2b-256 |
1429e92ffd95064b7980cb6d1af91461d20f1ae9984b536730dadde25cbc8401
|
