Local File Vault
developer machines, backup jobs, admin laptops, server batch jobs
encryptFileBytes, decryptFileBytes, encryptAsync, PqEnvelope
Post-quantum application recipes for Dart
Encrypt files, folders, text, media, webhooks, tokens, and server sessions.
pqforge turns the pqcrypto ML-KEM (FIPS 203) and ML-DSA (FIPS 204) primitives into application-ready cryptography: KEM-DEM envelopes, AES-256-GCM and ChaCha20-Poly1305 AEAD, X25519/Ed25519/ECDSA-P256 hybrids, bounded-memory gigabyte streaming, multi-recipient envelopes, Argon2id-wrapped key custody, named recipes, and a universal CLI. The core is pure Dart and web-safe — no dart:ffi.
- Pure Dart, no FFI
- Web-safe core
- FIPS 203/204-aligned via pqcrypto
- MIT licensed
3ML-KEM profiles
3ML-DSA profiles
15named recipes
1universal CLI
Recipe catalog
Build with named operations, not ad hoc crypto glue.
Folder Archive
case files, release bundles, evidence folders, internal archives
encryptFolderEntry, decryptFolderEntry
Folder Pack Archive
many small files, site exports, evidence bundles, dataset shards
PqForgePackService (package:pqforge/pqforge_io.dart)
Large Files And Media Streaming
gigabyte media, datasets, disk images, backups, VM snapshots
PqForgeStreamCipher.encryptFile, decryptStream (package:pqforge/pqforge_io.dart)
Multi-Recipient Envelopes
shared vaults, team archives, escrow, break-glass recipients
encryptAsync, PqMultiRecipient, PqRecipientSpec
Text Snippets
notes, secrets, prompts, policy snippets, short messages
sealText, openText, signText, verifyText
Media Assets
photos, audio, video, PDFs, campaign media, identity images
sealMedia, openMedia, signMedia, verifyMedia
Document Signing
contracts, reports, certificates, approvals, policy documents
signDocument, verifyDocument
Hybrid And Classical Signatures
release artifacts, firmware, long-lived approvals, dual-trust signing
PqForgeHybridSigner, PqEcdsaP256, dualSign, dualVerify
Webhook Integrity
payment callbacks, audit delivery, server-to-server events
signWebhook, verifyWebhook
Signed Tokens
API capabilities, admin actions, short-lived grants
issueToken, verifyToken
Private Email Payloads
encrypted mail bodies, secure notifications, outbound archive mail
sealEmail, openEmail
Government And Medical Records
public-sector records, patient records, registry payloads
encryptRecord, appendSignedLogEntry
Software Artifacts
release bundles, firmware, packages, configuration rollouts
signArtifact, verifyArtifact
Hybrid Server Sessions
Serverpod, API services, local agents, backend handshakes
PqForgeHybridKeyAgreement, PqForgeSecureSession
Universal CLI
Local files and server jobs get the same envelope model.
Generate reusable public keys and wrapped secret keys, then encrypt or sign files, folders, text, and media without writing application code.
export PQFORGE_PASSPHRASE='from-your-secret-manager'
dart run pqforge keygen --profile maximum --key-id vault --out-dir keys --passphrase-env PQFORGE_PASSPHRASE
dart run pqforge encrypt-folder --recipient-public keys/vault.kem.public.json --in-dir ./records --out-dir ./records.pqf
dart run pqforge decrypt-folder --recipient-secret keys/vault.kem.secret.wrapped.json --passphrase-env PQFORGE_PASSPHRASE --in-dir ./records.pqf --out-dir ./records.open
dart run pqforge sign --kind media --signer-secret keys/vault.sign.secret.wrapped.json --passphrase-env PQFORGE_PASSPHRASE --in cover.png --mime-type image/png --out cover.sig.jsonUse cases
From local vaults to server sessions.
Local File Vault
developer machines, backup jobs, admin laptops, server batch jobs
Folder Archive
case files, release bundles, evidence folders, internal archives
Folder Pack Archive
many small files, site exports, evidence bundles, dataset shards
Large Files And Media Streaming
gigabyte media, datasets, disk images, backups, VM snapshots
Multi-Recipient Envelopes
shared vaults, team archives, escrow, break-glass recipients
Text Snippets
notes, secrets, prompts, policy snippets, short messages
Media Assets
photos, audio, video, PDFs, campaign media, identity images
Document Signing
contracts, reports, certificates, approvals, policy documents
Hybrid And Classical Signatures
release artifacts, firmware, long-lived approvals, dual-trust signing
Webhook Integrity
payment callbacks, audit delivery, server-to-server events
Signed Tokens
API capabilities, admin actions, short-lived grants
Private Email Payloads
encrypted mail bodies, secure notifications, outbound archive mail
Government And Medical Records
public-sector records, patient records, registry payloads
Software Artifacts
release bundles, firmware, packages, configuration rollouts
Hybrid Server Sessions
Serverpod, API services, local agents, backend handshakes
Profiles
Pick a security margin that matches the lifetime.
compact
ML-KEM-512 + ML-DSA-44
smaller demos, constrained payloads, and low-bandwidth signaturesbalanced
ML-KEM-768 + ML-DSA-65
default application and server profilemaximum
ML-KEM-1024 + ML-DSA-87
long-lived records, archives, media, and high-value artifactsDocumentation
Everything users and agents need to stay inside the boundary.
READMEHigh-signal overview, badges, quickstarts, recipe map, and validation commands.
Documentation IndexCanonical map of every doc, the package surface, and the visibility generator.
CLI GuideFull command-line usage: wrapped keys, files, folders, text, media, streaming, pack, multi-recipient, hybrid, and signatures.
Project CatalogApplications and domains that map to pqforge recipes.
Recipe CookbookNamed recipe docs for safe application composition.
API ReferenceFacade methods, hybrid tier, secure sessions, AEAD engines, types, and CLI summary.
Hybrid AuditCoverage audit against pqcrypto building blocks and explicit rejections.
Performance And Hybrid CLIAs-built throughput, memory, and engine/cipher recommendations with measured numbers.
Envelope FormatsThe .pqf one-shot and .pqfs streaming container layouts and AAD binding.
Threat ModelAssets, adversaries, what the package defends, and what the application must own.
Key CustodyWrapped key storage and pluggable custody model.
Claim BoundaryAllowed and forbidden claims for package consumers and agents.
Claim boundary
Composition, not certification.
pqforge is the application layer built on pqcrypto ML-KEM/ML-DSA. It does not claim CMVP/FIPS 140 validation, hard constant-time Dart behavior, or hard memory erasure. RC4 is rejected.
- ML-KEM-512/768/1024 KEM-DEM envelopes through pqcrypto (FIPS 203-aligned)
- ML-DSA-44/65/87 detached and pre-hash signatures through pqcrypto (FIPS 204-aligned)
- AES-256-GCM and ChaCha20-Poly1305 AEAD on a pure-Dart (PointyCastle) or native (package:cryptography) engine
- Bounded-memory .pqfs streaming for gigabyte-scale files: signed header plus independently authenticated frames, auto-engaged at 8 MiB
- Multi-recipient envelopes: one sealed payload, the DEM key wrapped per recipient, with no wire-format change
- X25519 plus ML-KEM hybrid KEM-DEM so confidentiality holds while either Module-LWE or Curve25519 stands
FAQ
Answers before integration.
What is pqforge?
pqforge is a pure-Dart post-quantum application toolkit. It turns the ML-KEM and ML-DSA primitives from pqcrypto into encrypted files, folders, text, media, email payloads, records, signed documents, signed webhooks, signed tokens, release artifacts, tamper-evident logs, hybrid sessions, wrapped key custody, and a universal CLI.
How is pqforge different from pqcrypto?
pqcrypto is the primitives layer: FIPS 203 ML-KEM, FIPS 204 ML-DSA, SHA-2, and SHA-3/SHAKE with zero runtime dependencies. pqforge is the application layer built on top of it: KEM-DEM envelopes, AES-256-GCM and ChaCha20-Poly1305 AEAD, X25519/Ed25519/ECDSA-P256 hybrids, key custody, streaming, multi-recipient envelopes, named recipes, and a CLI. Use pqcrypto for raw algorithms; use pqforge to ship a feature.
Is pqforge post-quantum / quantum-safe?
Yes. It uses NIST FIPS 203 ML-KEM for key establishment and FIPS 204 ML-DSA for signatures through pqcrypto, so confidentiality and signatures resist quantum attacks. Hybrid modes add X25519, Ed25519, or ECDSA-P256 so security also holds if a classical break ever lands on the post-quantum scheme.
Does pqforge work on Flutter and the web?
Yes. The core import, package:pqforge/pqforge.dart, is pure Dart and web-safe with no dart:ffi, so the same code runs on the Dart VM, Flutter, and the web. Gigabyte-scale dart:io file streaming lives behind package:pqforge/pqforge_io.dart. On Flutter, FlutterCryptography.enable() adds hardware-backed AEAD.
Can pqforge encrypt gigabyte files without running out of memory?
Yes. Inputs at or above 8 MiB automatically use the .pqfs streaming container: a signed master header followed by independently authenticated frames, with a working set of roughly two frames regardless of total size. Per-frame sequence and final-flag binding prevent truncation, reordering, duplication, and splicing.
Can one ciphertext target multiple recipients?
Yes. Repeat --recipient-public on the encrypt commands (or use PqMultiRecipient in the library). The payload is sealed exactly once and the DEM key is wrapped to each additional recipient as a metadata entry, costing about 1.6 KB and 2 ms per extra recipient instead of a full re-encryption. Entries can individually be hybrid, and it works for both one-shot envelopes and .pqfs streams.
Which ciphers does pqforge support, and which is fastest?
AES-256-GCM (default) and ChaCha20-Poly1305, on a pure-Dart PointyCastle engine or the native package:cryptography engine. Where hardware AES is not dispatched, ChaCha20-Poly1305 measures about 30.4 MiB/s versus 11.5 MiB/s for AES-256-GCM (about 2.6x); with hardware AEAD both exceed 1 GB/s. RC4 is rejected.
What is the difference between the cryptography and pure-dart engines?
--engine cryptography (the default) uses package:cryptography and is roughly 10x faster than the PointyCastle reference even in pure Dart, and hardware-backed on Flutter. --engine pure-dart uses PointyCastle only. The wire formats are engine-independent, so an envelope sealed by one engine opens on the other.
Is pqforge FIPS validated?
No. pqforge composes FIPS 203/204-aligned primitives from pqcrypto but is not a CMVP or FIPS 140 validated cryptographic module. A PqFipsMode deployment layer restricts suites to AES-256-GCM and PBKDF2-HMAC-SHA256 key wrapping (SP 800-132) and allows a swappable DRBG for validated-module deployments.
Can pqforge sign and verify documents and releases?
Yes. It provides ML-DSA detached signatures, recipe-bound signatures for documents, text, media, artifacts, tokens, and webhooks, hybrid ML-DSA + Ed25519/ECDSA-P256 signatures, and standalone ECDSA-P256 (RFC 6979 deterministic nonces, canonical low-S). AES never signs.
Can I sign a gigabyte artifact without reading it all into memory?
Yes. hybrid-sign --digest and ecdsa-sign --digest sign the streamed SHA-256 of the input under a domain-separation label, recorded in the signature JSON so the verify commands re-hash automatically. Envelope signatures are likewise computed over a header-plus-payload hash, so signing cost does not scale with payload size.
Can pqforge bundle a whole folder into one file?
Yes. pqforge pack collapses a whole folder into one encrypted streaming archive with a single KEM encapsulation and signature for the tree, roughly 100x less ciphertext overhead than per-file envelopes for a thousand small files. pqforge unpack restores it path-traversal-safe, and a failed unpack removes everything it created.
What does hybrid mean in pqforge?
Two independent hard problems guard the same secret. Hybrid encryption combines the ML-KEM shared secret with an ephemeral X25519 exchange using the IETF concatenate-then-KDF construction, so confidentiality holds while either Module-LWE or Curve25519 stands. Hybrid signatures pair an ML-DSA signature with an Ed25519 or ECDSA-P256 signature over the same message.
Where does the CLI store keys?
In the directory passed to keygen --out-dir. Public keys are raw JSON. Secret keys are wrapped JSON when a passphrase source is supplied. keygen emits the full hybrid keyset by default: ML-KEM and ML-DSA plus X25519, Ed25519, and ECDSA-P256.
Are CLI keys password protected?
Yes when keygen is run with --passphrase-env, --passphrase-file, or --passphrase. Wrapped secrets use Argon2id for passphrase-to-key derivation and AES-256-GCM for authenticated encryption of the key bytes, with AAD binding the key kind, algorithm, and key id.
Can I inspect an encrypted file without decrypting it?
Yes. pqforge inspect describes any .pqf, .pqfs, key, or signature file: format, profile, suite (for example ML-KEM-1024 + X25519 then HKDF-SHA-512 then AES-256-GCM), engine, signature, recipients, and metadata, without needing a secret key.
Does pqforge provide identity, trust, or replay protection?
No. pqforge composes cryptographic building blocks. Public-key trust, identity vetting, replay windows, authorization policy, session storage, and TLS remain the application's responsibility. A self-provided public key is not an identity.
Is the published package pure Dart? Does it use FFI?
Yes, it is pure Dart with no dart:ffi, so it runs everywhere Dart runs, including the web. The OpenSSL interop harness used in CI to prove byte-compatibility with the system libcrypto is a separate publish_to: none dev package and is never shipped.
Does pqforge support RC4?
No. RC4 is not post-quantum, not authenticated encryption, not in pqcrypto, and not safe for new systems. pqforge offers AES-256-GCM and ChaCha20-Poly1305 instead.
Can AES sign documents?
No. AES encrypts; ML-DSA, hybrid signatures, or ECDSA-P256 sign and verify. Encryption and signing are distinct operations with distinct keys.
Which apps can use pqforge?
Local file vaults, folder and pack archives, server export jobs, gigabyte media and dataset pipelines, multi-recipient shared vaults, webhook systems, token issuers, document workflows, email payload protection, government and medical record systems, signed release and firmware pipelines, tamper-evident logs, and hybrid Serverpod/API server sessions.