1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
//! Quantum-resistant file encryption library.
//!
//! pqfile provides authenticated, post-quantum file encryption using NIST-standardised
//! algorithms. All format versions are stable on disk and documented in `docs/FORMAT.md`.
//!
//! # Algorithms
//!
//! - **Key encapsulation**: ML-KEM-512, ML-KEM-768 (default), ML-KEM-1024 (NIST FIPS 203)
//! - **Hybrid mode**: X25519 + ML-KEM-768 via HKDF-SHA256
//! - **Symmetric cipher**: ChaCha20-Poly1305 (RFC 8439)
//! - **Session key wrapping**: AES-256-GCM (multi-recipient modes)
//! - **Signatures**: ML-DSA-65 (NIST FIPS 204)
//! - **Passphrase protection**: Argon2id (m=64 MiB, t=3, p=4) + AES-256-GCM
//!
//! # Quick start
//!
//! ```no_run
//! use pqfile::{keygen, encrypt, decrypt};
//!
//! // Generate a key pair
//! let (pub_pem, priv_pem) = keygen::keygen_bytes(768, None).unwrap();
//!
//! // Encrypt
//! let plaintext = b"hello, post-quantum world";
//! let ciphertext = encrypt::encrypt_bytes(&pub_pem, plaintext).unwrap();
//!
//! // Decrypt
//! let recovered = decrypt::decrypt_bytes(&priv_pem, &ciphertext, None).unwrap();
//! assert_eq!(recovered, plaintext);
//! ```
//!
//! # Streaming
//!
//! For large files, use the streaming API to avoid loading the entire file into memory:
//!
//! ```no_run
//! use pqfile::{keygen, encrypt, decrypt};
//! use std::io::Cursor;
//!
//! let (pub_pem, priv_pem) = keygen::keygen_bytes(768, None).unwrap();
//! let plaintext = b"streaming data";
//!
//! let mut ct = Vec::new();
//! encrypt::encrypt_stream(&pub_pem, plaintext.len() as u64, pqfile::format::CHUNK_SIZE,
//! &mut Cursor::new(plaintext), &mut ct).unwrap();
//!
//! let mut out = Vec::new();
//! decrypt::decrypt_stream(&priv_pem, &mut ct.as_slice(), &mut out, None).unwrap();
//! assert_eq!(out, plaintext);
//! ```
//!
//! # Crate layout
//!
//! Items re-exported to the crate root (`pqfile::PqfileError`, `pqfile::CHUNK_SIZE`,
//! `pqfile::PqfReader`, `pqfile::PqfInfo`, `pqfile::inspect_stream`, `pqfile::PqfHeaderInfo`,
//! `pqfile::RecipientInfo`, and the typed key wrappers) are the stable, high-level surface.
//!
//! Operation functions (`encrypt_stream`, `decrypt_stream`, `signcrypt`, etc.) are always
//! addressed via their module path - e.g. `pqfile::encrypt::encrypt_stream`.
//!
//! The typed wrappers in `pqfile::keys` (`PqfPublicKey`, `PqfPrivateKey`, `PqfSigningKey`,
//! `PqfVerifyingKey`) are the recommended way to pass keys; they validate eagerly on
//! construction. Raw `&str` PEM parameters on operation functions are the lower-level
//! alternative when a typed wrapper is not convenient.
//!
//! # Stability
//!
//! The public API is **stable at 1.0**. Items in the modules listed in `STABILITY.md`
//! will not be removed or renamed before a 2.0 release. New items and new
//! `#[non_exhaustive]` variants may be added in minor (1.x) releases without
//! a major version bump. See `STABILITY.md` for the full policy.
// ── Public modules ─────────────────────────────────────────────────────────
/// Encrypted multi-file archive support (PQFA format).
/// Decryption: all format versions v2 through v7, all KEM variants.
/// Encryption: single-recipient, multi-recipient, compressed, and parallel modes.
/// Error types.
/// On-disk format constants and header structs.
/// Key generation: ML-KEM (512/768/1024), hybrid X25519+ML-KEM-768.
pub
pub
pub
pub
pub
/// Streaming decryptor: `PqfReader<R>` implements `std::io::Read`.
/// Streaming encryptor: `PqfWriter<W>` implements `std::io::Write`.
/// Rekey: transfer a v3/v5 file to a new recipient without re-encrypting.
/// Key revocation: create and check `.revoked` sidecar files.
/// Shamir secret sharing: split and reconstruct private keys (M-of-N).
/// ML-DSA-65 signing key generation, signing, and verification.
/// Signcrypt: sign-then-encrypt and decrypt-then-verify in a single step.
/// Sealed sender: deniable sender authentication via a static X25519 identity
/// keypair, distinct from the non-repudiable proof `signcrypt` provides.
/// Add a recipient to an existing multi-recipient file without re-encrypting.
/// Signable public key certificates: a minimal PKI layer over `sign`.
/// File header inspection without decryption.
/// Typed key wrapper structs (`PqfPublicKey`, `PqfPrivateKey`, `PqfSigningKey`, `PqfVerifyingKey`).
/// Secure file shredding: overwrite then delete.
/// Compact Bech32m recipient strings (`pqf1…`): encode/decode public keys without PEM files.
/// Passphrase upgrade: change or migrate the passphrase on any encrypted private key.
/// Hardware-backed private key support: OS credential store, future PKCS#11.
/// Plaintext-length padding (Padmé) and output truncation for stripping it back off.
/// Async encrypt / decrypt streaming via `tokio::io` (requires the `async` feature).
/// Time-locked encryption (V11 format) over the drand beacon (requires the `tlock` feature).
// ── Crate-root re-exports ──────────────────────────────────────────────────
pub use PqfileError;
pub use CHUNK_SIZE;
pub use ;
pub use ;
pub use ;
pub use ;
pub use PqfWriter;