Post-quantum file encryption using ML-KEM-768 + X25519
Project description
SecureVault - Post-Quantum File Encryption
Protect your files from future quantum computers.
SecureVault is a cross-platform post-quantum encryption tool that protects files using NIST-standardized ML-KEM-768 combined with classical X25519 hybrid encryption.
The Problem
Quantum computers will break RSA/ECC encryption within 10-20 years. Attackers are stealing encrypted data NOW to decrypt LATER.
This is called "harvest now, decrypt later" attacks.
The Solution
SecureVault uses:
- ML-KEM-768 (NIST standardized post-quantum KEM)
- X25519 (classical elliptic-curve)
- Hybrid encryption (both together)
Even if one system is broken in the future, the other still protects your data (I like to call this defense in depth²)
Features
- Hybrid encryption: X25519 + ML-KEM-768 (defense in depth²)
- AES-256-GCM file encryption
- Password-protected keys: PBKDF2 key derivation (100k iterations)
- Cross-platform: Works on Linux, macOS, and Windows
- Future-proof: Designed to be quantum-resistant for 30+ years
- Digital signatures: Ed25519 + ML-DSA-65
- Easy CLI + Desktop GUI: Simple commands, no crypto knowledge needed; very easy to navigate
- No installation required for GUI: Download and run - works out of the box
- Educational: Shows security info about your files
- Designed for long-term security
Choose Your Version
| Version | Best For | Installation |
|---|---|---|
| Desktop GUI | Most users, drag-and-drop simplicity | Download |
| CLI | Developers, automation, scripting | pip install securevault-pqc |
Installation
Option 1: Desktop GUI (Recommended for most users)
Download the standalone application for your platform:
Available for:
- Windows (
.exe) - macOS (
.app) - Linux (executable)
Security verification: Before running the downloaded file, verify its integrity using the checksums provided on the download page. This ensures your download wasn't modified or intercepted.
# macOS/Linux
shasum -a 256 SecureVault-macos
# Windows (PowerShell)
Get-FileHash SecureVault-windows.exe -Algorithm SHA256
Compare the output with the checksum at: https://meganealexis.net/securevault/
No installation required - just download, verify, and run!
Option 2: Command-Line Interface (CLI)
For developers, automation, or advanced users who prefer the terminal.
Prerequisites
- Python 3.9 or higher
- pip
Platform-Specific Setup
macOS Setup
# 1. Install CMake (if not already installed)
brew install cmake
# 2. Build liboqs with shared library support
cd /tmp
git clone --branch 0.15.0 https://github.com/open-quantum-safe/liboqs.git
cd liboqs
mkdir build && cd build
cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=/opt/homebrew/opt/liboqs ..
make -j$(sysctl -n hw.ncpu)
sudo make install
# 3. Create symlinks where liboqs-python expects the library
mkdir -p ~/.oqs/lib ~/.oqs/lib64
ln -sf /opt/homebrew/opt/liboqs/lib/liboqs.dylib ~/.oqs/lib/liboqs.dylib
ln -sf /opt/homebrew/opt/liboqs/lib/liboqs.dylib ~/.oqs/lib64/liboqs.dylib
# 4. Create and activate virtual environment
cd ~/Documents/Testing_securevault
python3 -m venv venv
source venv/bin/activate
# 5. Install SecureVault
pip install securevault-pqc
# 6. Test it!
securevault --help
Windows Setup
# 1. Install Chocolatey build tools (if not already installed)
choco install visualstudio2022buildtools visualstudio2022-workload-vctools -y
# 2. Build liboqs
cd $env:TEMP
git clone --branch 0.15.0 https://github.com/open-quantum-safe/liboqs.git
cd liboqs
mkdir build
cd build
cmake -DBUILD_SHARED_LIBS=ON `
-DCMAKE_INSTALL_PREFIX="$env:USERPROFILE\_oqs" `
-G "Visual Studio 17 2022" -A x64 ..
cmake --build . --config Release
cmake --install . --config Release
# 3. Verify DLL was created
ls "$env:USERPROFILE\_oqs\bin\oqs.dll"
# 4. Create and activate virtual environment
cd ~/Documents/Testing_securevault
python -m venv venv
.\venv\Scripts\Activate.ps1
# 5. Install SecureVault
pip install securevault-pqc
# 6. Test it!
securevault --help
Linux Setup
# 1. Install dependencies (Ubuntu/Debian)
sudo apt-get update
sudo apt-get install cmake build-essential
# 2. Create and activate virtual environment
cd ~/Documents/Testing_securevault
python3 -m venv venv
source venv/bin/activate
# 3. Install SecureVault
pip install securevault-pqc
# 4. Test it!
securevault --help
Quick Start
Basic Workflow
Alice generates keys → Shares alice_public.key with Bob
Bob encrypts file.txt using alice_public.key + bob.key → Sends file.txt.vault to Alice
Alice decrypts file.txt.vault using alice.key + bob_public.key
CLI Example
# 1. Generate your keypair
securevault keygen --output my_keys.key
# You'll be asked to enter a password - remember it, you'll need it for encrypting/decrypting
# Creates: my_keys.key (private) and my_keys_public.key (public)
# 2. Share your public key
# Send my_keys_public.key to anyone who wants to send you encrypted files
# Get their public key (e.g., alice_public.key) for sending files to them
# 3. Create a test file
echo "Secret data" > secret.txt
# 4. Encrypt a file (sending to Alice)
securevault encrypt secret.txt alice_public.key my_keys.key
# You'll be asked to enter your password
# Output: secret.txt.vault
# 5. Check security info
securevault info secret.txt.vault
# 6. Decrypt a file (Alice received your file)
securevault decrypt secret.txt.vault alice.key my_keys_public.key
# Alice enters her password
# Output: secret.txt
Real Example with Names
If your private key is bob.key and you're sending to Alice (alice_public.key):
securevault encrypt document.pdf alice_public.key bob.key
If your private key is alice.key and you're receiving from Bob (bob_public.key):
securevault decrypt document.pdf.vault alice.key bob_public.key
GUI Usage
The desktop GUI provides the same functionality with a visual interface:
- Generate Keys - Create your keypair with password protection
- Encrypt Files - Drag and drop files, select recipient's public key
- Decrypt Files - Select .vault file and provide your private key
- View Info - Check encryption details and security information
No command-line knowledge needed!
Technical Details
- Hybrid encryption: X25519 + ML-KEM-768
- Symmetric encryption: AES-256-GCM
- Key derivation: PBKDF2 (100k iterations)
- Digital signatures: Ed25519 + ML-DSA-65
Security Notice
⚠️ SecureVault has not yet been independently audited.
This is an educational and experimental cryptography project. While it uses NIST-standardized algorithms (ML-KEM-768, ML-DSA-65) and follows best practices, it should not be used for critical security applications without a professional security audit.
Project Status
Active development.
Educational + experimental cryptography project.
Changelog
0.2.1
- Added
securevault --version - Improved CLI help clarity
- Suppressed non-fatal liboqs version warnings for clean CLI output
- Minor UX polish
0.2.0.post3
- Packaging and metadata fixes
- README updates and clarifications
0.2.0
- Hybrid post-quantum + classical encryption (ML-KEM-768 + X25519)
- File signing and verification
- GUI test interface added
0.1.0
- Initial prototype release
- Basic key generation, encryption, and decryption
License
MIT License
Copyright (c) 2026 Mégane Alexis
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Source Code Availability
SecureVault executables are currently available for download under the MIT License. The full source code will be released as open-source in approximately 2 months.
Bug Reports / Contact
GitHub issues are currently disabled.
If you find bugs or security concerns, contact:
🔗 LinkedIn: https://www.linkedin.com/in/megane-alexis/
Author
Mégane Alexis
Recent Grad in Computer Science · Cybersecurity · Cryptography
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file securevault_pqc-0.2.1.tar.gz.
File metadata
- Download URL: securevault_pqc-0.2.1.tar.gz
- Upload date:
- Size: 28.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
08138db68434ea02268e67b9ff2249ada802cc4be3121c4262aeb9e69662ce87
|
|
| MD5 |
90c11d82a25b1708add90d3266cfbf0e
|
|
| BLAKE2b-256 |
0579c63ad12d9b97cb95b08f27c2864e35c234ef1b1f8f6fbe9eb1217d34296f
|
File details
Details for the file securevault_pqc-0.2.1-py3-none-any.whl.
File metadata
- Download URL: securevault_pqc-0.2.1-py3-none-any.whl
- Upload date:
- Size: 24.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
efaf8d5255c7de1d20513a6f6dec5bc090d9b82982bfd50a7d8dbe438b33e444
|
|
| MD5 |
a28227a94a7510de4fe2a55c66cc2a55
|
|
| BLAKE2b-256 |
a08f97e4d873e48db181ad98e20e49c6b2e4f5994f49b33063462c9cdcf1ffdc
|
