Quantum Vault is a high-security Command Line Interface (CLI) designed to protect files against both classical and future quantum computing threats. It uses a Hybrid Encryption approach, combining Post-Quantum Cryptography (PQC) for key exchange and AES-256 for high-speed data encryption.
- Quantum-Resistant: Utilizes Post-Quantum Cryptography (PQC) algorithms to ensure your data remains secure even in the era of quantum computers.
- Hybrid Encryption: Uses PQC to generate a shared secret, which is then used as a key for AES-256 encryption.
- PQC Key Encapsulation: Securely encrypts and transfers the AES key using Post-Quantum Cryptography mechanisms.
- AES-256-GCM Encryption: Provides confidentiality + integrity using nonce-based authenticated encryption.
- Digital Signatures: Automatically signs every vaulted file and verifies integrity during audits.
- Automated Backups: Creates redundant copies of your encrypted bundles in a dedicated backup directory.
- Vault Auditing: Detects missing, valid, and tampered signatures using verification logic.
- File Management Commands: Add, Extract, Delete, Restore supported via CLI.
- Rich Terminal UI: Beautiful, color-coded interface powered by the
richlibrary.
-
Clone the repository:
git clone https://github.com/webgo-oss/quantum-vault.git cd quantum-vault -
Install dependencies:
pip install click rich
(Ensure you have your custom
cryptoandvaultmodules in the project path.)
Generate your quantum-resistant keys , signature pairs and set master password. Run this first.
python main.py init
Encrypts a file, generates a signature, and creates a backup.
python main.py add "my_secret_data.txt"
Decrypts the vault bundle using PQC and AES, then moves the original file to the recovered/ folder.
python main.py extract "my_secret_data.txt"
Check the status of all encrypted files, including their size, last modified date, and cryptographic signature validity.
python main.py audit
If a vault file is accidentally deleted, restore it from the backup directory.
python main.py restore "my_secret_data.txt"
encrypted/: Stores the.vaultbundles (encrypted data + headers).signatures/: Stores cryptographic signatures for integrity verification.vault_backup/: Automated redundant copies of your vault files.recovered/: Destination for decrypted/extracted files.
quantum-vault/
│
├── main.py
├── crypto/
├── keys/
│
├── encrypted/ # Encrypted vault files (.vault)
├── signatures/ # Digital signatures (.sig)
├── vault_backup/ # Backup files
├── recovered/ # Decrypted output files
├── uploads/ # your uploads
The vault follows a strict security pipeline:
-
Normalization:
Removes spaces from filenames to prevent CLI issues. -
Key Encapsulation (PQC):
- Generates a secure shared secret using Post-Quantum Cryptography
- This shared secret is later used as the key for AES encryption
-
AES-256-GCM Encryption:
- Encrypts file using the shared secret generated from PQC
- Uses nonce for randomness
- Ensures both confidentiality and integrity
-
Bundling:
- Combines:
- Encrypted file data
- PQC ciphertext (encrypted key)
- AES nonce
- Stored as
.vaultfile
- Combines:
-
Digital Signing:
- Entire bundle is signed
- Used later for verification during audit
This project uses experimental Post-Quantum Cryptography. Ensure you back up your private keys in a secure, offline location. Loss of keys will result in permanent loss of data.