⭐⭐⭐⭐⭐ PQCypher — Secure File Exchange Guide (Client Manual)

It allows remote exchange of data using post quantum encryption, against RSA AND Quantum attacks.

PQCypher enables post-quantum secure file exchange using ML-KEM (Kyber), ML-DSA (Dilithium), AES-256-GCM, and LZMA compression.
This guide explains exactly what the Sender must do and what the Recipient must do.

1️⃣ Overview

There are two roles:

🔵 Sender (Client)

The person who will send encrypted files.

🟢 Recipient (Server)

The person who will receive and decrypt the files.

PQCypher uses a 4-step handshake to establish a shared AES-256-GCM key, and then both sides can exchange encrypted files safely.

2️⃣ Key Files Generated by PQCypher

Recipient generates (server keys):

  • kyber.pub

  • kyber.prv

  • dilithium.pub

  • dilithium.prv

Sender generates (client keys):

  • client_dilithium.pub

  • client_dilithium.prv

Both sides receive:

  • simmetric.key → shared AES-256-GCM key

⚠️ Never share private keys (*.prv).
🟢 Only kyber.pub travels from Recipient → Sender.
🔵 Only client_cipher.bin travels from Sender → Recipient.

3️⃣ Recipient Setup (Server-Side)

🟢 Step 1 — Generate server keys

 
PQCypher handshake gen-server-keys

This creates:

  • Kyber public/private pair

  • Dilithium public/private pair

🟢 Step 2 — Send ONLY the public Kyber key

You must send to the Sender:

 
kyber.pub

⚠️ Do not send any private keys.

4️⃣ Sender Setup (Client-Side)

🔵 Step 1 — Generate client keys

 
PQCypher handshake gen-client-keys

🔵 Step 2 — Receive kyber.pub from Recipient

🔵 Step 3 — Initiate handshake

 
PQCypher handshake client-initiate

This produces:

  • client_cipher.bin → encrypted handshake message

  • client_shared_secret.bin → internal use

🔵 Step 4 — Send client_cipher.bin to the Recipient

5️⃣ Recipient Completes the Handshake

Recipient runs:

 
PQCypher handshake server-respond

This creates:

  • server_shared_secret.bin

  • simmetric.key → final AES-256-GCM shared key

Recipient now has the symmetric key.

🟢 Step 2 — Send server_response.bin back to Sender (if required)

Depends on your configuration; some modes finalize automatically.

6️⃣ Sender Finalizes the Handshake

Sender runs:

 
PQCypher handshake client-complete

This generates:

  • simmetric.key (identical to server's)

At this point:

🎉 The sender and recipient share the same AES-256-GCM key.
🔐 Secure encrypted file exchange can begin.

7️⃣ Encrypting Files (Sender)

🔵 Step 1 — Compress the file

 
PQCypher compress input.txt output.lzma

🔵 Step 2 — Encrypt

 
PQCypher encrypt output.lzma secure.enc

🔵 Step 3 — Send secure.enc to the recipient

8️⃣ Decrypting Files (Recipient)

🟢 Step 1 — Decrypt

 
PQCypher decrypt secure.enc decrypted.lzma

🟢 Step 2 — Decompress

 
PQCypher decompress decrypted.lzma final_output.txt

Done — the file is restored.

9️⃣ Security Best Practices

🛑 Never share private keys (*.prv)
🛑 Never send the simmetric.key
🔐 Always verify file integrity
♻️ Regenerate server keys periodically
💾 Keep backups of your keys in secure encrypted storage

🔟 Quick Role Summary

🟢 Recipient Must:

  • Generate server keys

  • Share kyber.pub

  • Respond to handshake

  • Decrypt incoming files

🔵 Sender Must:

  • Generate client keys

  • Receive kyber.pub

  • Initiate handshake

  • Send client_cipher.bin

  • Encrypt files and send

🎯 Final Notes for the Customer

PQCypher is designed to provide military-grade, post-quantum-safe encryption using hybrid techniques. Even if future quantum computers emerge, the encrypted files remain secure.