Anubis Rage: Post-Quantum Secure File Encryption
Overview
Anubis Rage is a modern, secure file encryption tool implementing NIST Level-5 post-quantum cryptography through ML-KEM-1024 (Module-Lattice-Based Key-Encapsulation Mechanism). Built on the age encryption format specification, Anubis Rage provides quantum-resistant protection for your sensitive data.
Why Anubis Rage?
- 🔐 Quantum-Resistant: Protected against both classical and quantum computer attacks
- 🎯 NIST Standardized: Implements ML-KEM-1024 from FIPS 203
- 🚀 Simple & Secure: No config files, explicit keys, clean UNIX-style interface
- ⚡ High Performance: Efficient post-quantum cryptography implementation via liboqs
- 🔒 Level-5 Security: NIST's highest security classification (256-bit equivalent)
Security Guarantees
Anubis Rage uses ML-KEM-1024 (formerly Kyber1024) for encryption and ML-DSA-87 for signatures:
Encryption (ML-KEM-1024):
- IND-CCA2 security (Indistinguishability under Adaptive Chosen-Ciphertext Attack)
- NIST Level-5 security: Equivalent to AES-256
- Quantum resistance: Secure against Shor's and Grover's algorithms
- Standardized: NIST FIPS 203 approved post-quantum KEM
Signatures (ML-DSA-87 - Mandatory):
- Strong unforgeability (SUF-CMA security)
- NIST Level-5 security: Highest post-quantum security level
- Quantum resistance: Secure against quantum forgery attacks
- Standardized: NIST FIPS 204 approved post-quantum signature scheme
- Mandatory: All encrypted files are automatically signed and verified
NIST Category 5 Compliance
Anubis Rage achieves NIST's maximum security classification throughout its entire cryptographic stack:
| Component | Algorithm | Security Level | Standard |
|---|---|---|---|
| Key Encapsulation | ML-KEM-1024 | NIST Category 5 | FIPS 203 ✓ |
| Digital Signatures | ML-DSA-87 | NIST Category 5 | FIPS 204 ✓ |
| Key Derivation | HKDF-SHA512 | 256-bit | SP 800-56C ✓ |
| Message Authentication | HMAC-SHA512 | 256-bit (64-byte MAC) | FIPS 198-1 ✓ |
| AEAD Encryption | AES-256-GCM-SIV | 256-bit | RFC 8452 ✓ |
| Alternative AEAD | ChaCha20-Poly1305 | 256-bit | RFC 8439 ✓ |
🛡️ Complete Security Analysis: See NIST_SECURITY_ANALYSIS.md for comprehensive security evaluation, threat model, and CNSA 2.0 compliance details.
Installation
From Source (Recommended)
# Requires Rust 1.71+ and liboqs system dependencies
# Binaries will be available at:
# - target/release/anubis-rage
# - target/release/anubis-rage-keygen
System Dependencies
Anubis Rage requires liboqs (Open Quantum Safe library) for ML-KEM-1024:
macOS:
Ubuntu/Debian:
&& &&
&&
Arch Linux:
Pre-built Binaries
Download the latest release from GitHub Releases.
Quick Start
1. Generate Keys
Generate encryption keys:
Generate signing keys (required for encryption):
# verification key: anubis1mldsa871tu22gw7ysld7gsw3c8dn7aydpagllmunu...
The identity file (my-key.txt) contains:
- Your private key (ANUBIS-MLKEM-1024-SECRET-...)
- Your public key (anubis1mlkem1...)
The signing key file (signing-key.txt) contains:
- Your signing key (ANUBIS-MLDSA-87-SECRET-...)
- Your verification key (anubis1mldsa87...)
Keep both identity and signing key files secure!
2. Encrypt a File (with mandatory signature)
Or use the identity file directly:
3. Decrypt a File (with mandatory verification)
You can also pass the verification key file instead of the key string:
Usage Guide
Command-Line Syntax
Usage: anubis-rage [--encrypt] (-r RECIPIENT | -R PATH)... --signing-key <PATH> [-i IDENTITY] [-a] [-o OUTPUT] [INPUT]
anubis-rage --decrypt --verify-key <KEY> [-i IDENTITY] [-o OUTPUT] [INPUT]
Arguments:
[INPUT] Path to a file to read from.
Options:
-h, --help Print this help message and exit.
-V, --version Print version info and exit.
-e, --encrypt Encrypt the input (the default).
-d, --decrypt Decrypt the input.
-a, --armor Encrypt to ASCII-armored format.
-r, --recipient <RECIPIENT> Encrypt to the specified ML-KEM-1024 recipient.
-R, --recipients-file <PATH> Encrypt to recipients listed at PATH.
-s, --signing-key <PATH> ML-DSA-87 signing key file (REQUIRED for encryption).
-k, --verify-key <KEY> ML-DSA-87 verification key (REQUIRED for decryption).
-i, --identity <IDENTITY> Use the ML-KEM-1024 identity file at IDENTITY.
-o, --output <OUTPUT> Write the result to OUTPUT.
Note: As of v1.1.0, all encrypted files are automatically signed with ML-DSA-87, and all decryption operations automatically verify signatures. The --signing-key and --verify-key flags are mandatory.
Multiple Recipients
Encrypt to multiple recipients - any one can decrypt:
Recipients File
Create a file with multiple recipients:
# Alice - Security Team
# Bob - DevOps Team
# Carol - Management
ASCII Armor
Create ASCII-armored output for safe transmission through text channels:
Streaming Encryption
Anubis Rage works seamlessly with pipes and streams:
# Encrypt and compress a directory
|
# Decrypt and extract
|
# Database backup
|
Identity Management
Convert identity to public key for sharing:
Advanced Features
Format Specification
Anubis Rage uses a quantum-resistant file format based on the age specification:
anubis-encryption.org/v1
-> MLKEM-1024
[base64-encoded-encapsulated-key]
[base64-encoded-wrapped-file-key]
-> [grease-stanza]
[grease-body]
[encrypted-payload]
The file structure ensures:
- Authenticated encryption via AES-256-GCM-SIV or ChaCha20-Poly1305
- Key encapsulation via ML-KEM-1024 (2592-byte ciphertext)
- Header authentication via HMAC-SHA512 (64-byte MAC, 86 base64 characters)
- Forward secrecy through ephemeral key wrapping
- Recipient privacy (no public key metadata in file)
Key Derivation
The file encryption key is derived using:
- ML-KEM-1024 Encapsulation: Generate shared secret (32 bytes)
- HKDF-SHA512: Derive wrapping key from:
- Shared secret
- Recipient public key
- Ciphertext
- Label:
anubis-encryption.org/v1/MLKEM-1024 - NIST Level-5 security with SHA-512
- ChaCha20-Poly1305: Encrypt the file key (16 bytes)
- AES-256-GCM-SIV or ChaCha20-Poly1305: Encrypt payload with derived file key
Security Considerations
✅ Recommended Practices
- Store identity files with
chmod 600(owner-only access) - Use unique keys per device/user
- Rotate keys periodically
- Keep backups of identity files in secure locations
- Use
-a/--armorfor transmission over text channels
⚠️ Important Warnings
- No Passphrase Support: ML-KEM-1024 keys cannot be encrypted with passphrases
- No SSH Key Support: Only native ML-KEM-1024 keys are supported
- No Plugin Support: Anubis Rage is standalone, no age plugins
- Quantum Security Only: This is a specialized post-quantum tool
🔒 Key Storage Best Practices
# Set secure permissions
# Use hardware security modules (recommended for production)
# Store keys on encrypted volumes
# Consider key escrow for organizational keys
Use Cases
Personal Data Protection
# Encrypt personal documents
# Decrypt when needed
Secure Backups
#!/bin/bash
# backup.sh - Quantum-safe backup script
DATE=
BACKUP_DIR="/mnt/backups"
RECIPIENTS="~/.config/anubis-rage/backup-keys.txt"
# Backup database with encryption
| \
# Backup application data
| \
Team Collaboration
# Create shared team key file
# Encrypt shared document
# Any team member can decrypt
Automated Encryption in CI/CD
# .github/workflows/secure-artifacts.yml
name: Encrypt Build Artifacts
on:
push:
branches:
jobs:
build-and-encrypt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Anubis Rage
run: |
curl -L https://github.com/anubis-rage/anubis-rage/releases/latest/download/anubis-rage-x86_64-linux.tar.gz | tar xz
sudo mv anubis-rage* /usr/local/bin/
- name: Build application
run: cargo build --release
- name: Encrypt artifacts
env:
RECIPIENT_KEY: ${{ secrets.ARTIFACT_RECIPIENT_KEY }}
run: |
anubis-rage -r "$RECIPIENT_KEY" \
-o target/release/app.encrypted \
target/release/app
- name: Upload encrypted artifact
uses: actions/upload-artifact@v3
with:
name: encrypted-binary
path: target/release/app.encrypted
Comparison with Other Tools
| Feature | Anubis Rage | age/rage | GPG | NaCl/libsodium |
|---|---|---|---|---|
| Post-Quantum Security | ✅ ML-KEM-1024 | ❌ X25519 only | ❌ RSA/ECC | ❌ X25519 only |
| NIST Standardized | ✅ FIPS 203 | ❌ | ✅ (legacy) | ❌ |
| Simple Key Format | ✅ | ✅ | ❌ | ✅ |
| No Config Files | ✅ | ✅ | ❌ | ✅ |
| Forward Secrecy | ✅ | ✅ | ❌ | ✅ |
| Quantum Resistant | ✅ | ❌ | ❌ | ❌ |
| UNIX Composability | ✅ | ✅ | ⚠️ | ⚠️ |
Performance
Typical performance on modern hardware (2023 MacBook Pro M2):
| Operation | File Size | Time | Throughput |
|---|---|---|---|
| Key Generation | - | ~2ms | - |
| Encryption | 1 MB | ~8ms | 125 MB/s |
| Encryption | 100 MB | ~750ms | 133 MB/s |
| Encryption | 1 GB | ~7.5s | 133 MB/s |
| Decryption | 1 MB | ~8ms | 125 MB/s |
| Decryption | 100 MB | ~740ms | 135 MB/s |
| Decryption | 1 GB | ~7.3s | 137 MB/s |
ML-KEM-1024 operations add minimal overhead compared to classical encryption.
Library Usage
Applications can integrate Anubis Rage functionality using the age crate:
use ;
use ;
use ;
// Generate a new ML-KEM-1024 identity
let identity = generate;
let recipient = identity.to_public;
// Encrypt
let encryptor = with_recipients
.expect;
let mut encrypted = vec!;
let mut writer = encryptor.wrap_output?;
writer.write_all?;
writer.finish?;
// Decrypt
let decryptor = match new? ;
let mut decrypted = vec!;
let mut reader = decryptor.decrypt?;
reader.read_to_end?;
assert_eq!;
See the age crate documentation for complete API details.
Building from Source
Prerequisites
- Rust 1.71+: Install from rustup.rs
- liboqs: Open Quantum Safe library
- CMake & Ninja: For building liboqs
- Git: For cloning the repository
Build Steps
# Clone repository
# Build release binaries
# Run tests
# Install locally
Development Build
# Build with debug symbols
# Run with verbose output
RUST_LOG=debug
# Run specific tests
Troubleshooting
Common Issues
1. "liboqs not found"
# Ensure liboqs is installed and in library path
# Linux
# macOS
2. "Permission denied" when decrypting
# Check identity file permissions
3. "Invalid header" errors
# Verify file is actually encrypted with Anubis Rage
# Should start with: anubis-encryption.org/v1
4. "Recipient not found"
- Ensure you're using the correct identity file
- Verify the file was encrypted to your public key
- Check for file corruption
Security Disclosure
If you discover a security vulnerability in Anubis Rage, please email:
We follow responsible disclosure practices:
- Acknowledge receipt within 48 hours
- Provide initial assessment within 7 days
- Aim to patch critical vulnerabilities within 30 days
- Credit reporters (with permission) in security advisories
Contributing
Contributions are welcome! Please see CONTRIBUTING.md for guidelines.
Areas of Interest
- Performance optimizations
- Additional platform support
- Documentation improvements
- Security audits
- Integration examples
License
Licensed under either of:
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Acknowledgments
- NIST - For standardizing post-quantum cryptography
- Open Quantum Safe - For the liboqs implementation
- age specification - For the elegant file format design
- Filippo Valsorda & Ben Cox - For designing the age format
- Rust community - For excellent cryptography crates
Further Reading
Anubis Rage Documentation
- NIST Security Analysis - Comprehensive NIST Category 5 compliance analysis
- Security Policy - Cryptographic guarantees and vulnerability reporting
- Contributing Guide - Development and contribution guidelines
Standards and Specifications
- NIST Post-Quantum Cryptography Standardization
- FIPS 203: ML-KEM Standard
- NIST SP 800-56C: Key Derivation
- age specification v1
- Open Quantum Safe Project
Anubis Rage - Protecting your data in the quantum era.