High-level post-quantum hybrid encryption (ML-KEM/Kyber768 + AES-256-GCM) with a Fernet-like API
Project description
QuantumGuard
High-level post-quantum hybrid encryption library for Python. Uses ML-KEM (Kyber768, NIST FIPS 203) for key encapsulation and AES-256-GCM for symmetric encryption, with a simple API similar to cryptography.fernet.
Requirements
- Python 3.9+
- pypqc (PQClean bindings, Kyber768)
- cryptography (AES-GCM)
Installation
pip install quantumguard
Quick Start
from quantumguard import QuantumGuard
# Generate key pair
public_key, private_key = QuantumGuard.generate_keypair()
# Encrypt with public key
qg = QuantumGuard(public_key)
ciphertext = qg.encrypt("Mensaje secreto post-cuántico")
# Decrypt with private key
qg_private = QuantumGuard(private_key)
decrypted_text = qg_private.decrypt(ciphertext) # bytes
print(decrypted_text.decode("utf-8"))
Key Persistence (PEM / Base64)
Keys can be exported and imported in PEM or Base64 for storage in .key files:
# Export to PEM
pem_private = QuantumGuard.key_to_pem(private_key, "private")
pem_public = QuantumGuard.key_to_pem(public_key, "public")
# Save to file
with open("private.key", "w") as f:
f.write(pem_private)
# Load from PEM
with open("private.key") as f:
key_bytes, kind = QuantumGuard.key_from_pem(f.read())
qg = QuantumGuard(key_bytes) # or pass the PEM string directly: QuantumGuard(f.read())
Base64 with optional type prefix (qg.pub. / qg.priv.) is also supported via key_to_base64 and key_from_base64.
Serialization Format
- Binary (default): Magic + version, KEM ciphertext length, KEM ciphertext, 12-byte nonce, 16-byte tag, AES ciphertext. Compact and deterministic.
- JSON: Optional
output_format="json"inencrypt()for debugging or interoperability. Payload is UTF-8 JSON with base64-encoded fields (v,k,n,t,c).
Decryption accepts both formats automatically.
Security Notes
- Memory: Sensitive key material is held in a
bytearrayand can be wiped withqg.cleanup(). Python does not guarantee that copies do not exist (e.g. interpreter or C extensions). Usesecure_wipefor custom buffers when needed. - Dependencies: Requires pypqc >= 0.0.6.1 (KyberSlash fix). Do not use older versions.
- Algorithms: ML-KEM-768 (FIPS 203) for KEM; AES-256-GCM for encryption. No AAD is used in the default API.
References
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file quantumguard-0.1.0.tar.gz.
File metadata
- Download URL: quantumguard-0.1.0.tar.gz
- Upload date:
- Size: 12.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
057b07c3a6cf373239eeec9293d591db8f7c9a78c13c8ec5fbdd0c1cd4f521d5
|
|
| MD5 |
440c4ce8bd7dbaf6720e91aa1c1b4d5c
|
|
| BLAKE2b-256 |
b7f2eb75063670ae1f5da15e7918d4322bc1c322d6325d455b5d5302773d27bb
|
File details
Details for the file quantumguard-0.1.0-py3-none-any.whl.
File metadata
- Download URL: quantumguard-0.1.0-py3-none-any.whl
- Upload date:
- Size: 11.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
aebc6162aa3066115ee9e84bda1c3feb2c5c8c90e444b84d2537a0a756a9f0f3
|
|
| MD5 |
0ecd7bc46301b96d0f876fd512716aaa
|
|
| BLAKE2b-256 |
09ab344a228c8bd5f675e38b153a5c5a5a21457a4c912cb1d2bc36f75bc7e6df
|
