🛡️ Encrypted Storage for Key Folders & Sensitive Artifacts

PQVault is a post-quantum-oriented secure repository designed to store, index, and extract sensitive files such as:

• ML-KEM / Dilithium keypairs

• Certificates

• License files

• Secret configuration folders

• Encrypted backups

• Any security-critical directory the client needs to preserve

The system packs all content into a single file:

with integrity verification using CRC32.

1️⃣ What PQVault Is (Explained Simply)

PQVault behaves like a mini secure archive that stores directories containing key files.
It is meant for:

• Backup of cryptographic keys

• Secure exporting of a key directory

• Emergency restoration

• Offline archival

• Audit logging of key evolution

Think of it as a quantum-age vault, but simple enough for any professional to use.

2️⃣ What PQVault Stores

When the client runs add <dir>, PQVault stores:

• ⏰ Timestamp

• 📁 Original directory name

• 📄 Each file name

• 📏 File size

• 🔍 CRC32 integrity checksum

• 💾 Raw file contents

Everything is saved inside:

Multiple directories can be appended sequentially.

3️⃣ Command Summary (Very Simple)

➕ Add a directory

📜 List all stored entries

📤 Extract a single file

Extraction restores the file into:

4️⃣ How the Client Should Use PQVault

Below is the workflow designed for real-world usage.

🟦 A. Adding Key Folders to the Vault

1. Select the directory you want to store

Example:

2. Run the add command

3. PQVault will:

• Read all files

• Compute CRC32 for each

• Store metadata + raw file bytes into vault.pqv

• Append a new vault entry (the vault supports multiple entries)

Output shown to the user:

🟩 B. Listing What’s Inside the Vault

To check which directories or backups were previously added:

Example output:

Each line displays:

• Timestamp

• Origin directory name

This is essential for audit logs and forensic tracking.

🟥 C. Extracting a File from the Vault

If the client loses a key and needs to restore it:

1. Run the extract command

2. PQVault will:

• Search for kyber.prv inside vault.pqv

• Restore it into a folder named:

3. Output example:

If the file does not exist:

5️⃣ What PQVault Does Not Do

To avoid confusion:

🚫 PQVault is not an encryption system
🚫 PQVault does not replace PQCypher
🚫 PQVault does not decrypt or encrypt files

It is an offline archive with integrity verification, not a cryptographic cipher.

If the client needs encryption → use PQCypher or PQFileCompressAndLock.
PQVault = storage only.

6️⃣ Best Practices for Clients

✔️ Keep vault.pqv in multiple secure locations

Preferably:

• Offline USB

• Cloud encrypted folder

• Company backup server

✔️ Archive keys after each major change

Ex:

✔️ Do not modify vault.pqv manually

It is a binary file with defined structure. Alterations break CRC verification.

✔️ Use meaningful directory names

Clients should name folders clearly before adding them.

7️⃣ Quick Example Scenario (Realistic)

🎯 Goal: A company wants to back up their PQCypher key directory.

1. They organize their keys in a folder:

2. They execute:

3. Months later, they lose dilithium.prv.

4. They restore with:

5. File reappears safely under:

🎉 Final Client Notes

PQVault is designed for security teams, IT administrators, and engineers who must keep critical files preserved with integrity assurance.

Its simplicity is intentional:

• no dependencies

• no external libraries

• works offline

• zero configuration