{"id":50973268,"url":"https://github.com/gh4rib/pqpg-go","last_synced_at":"2026-06-19T04:32:15.888Z","repository":{"id":361569016,"uuid":"1254960812","full_name":"gh4rib/pqpg-go","owner":"gh4rib","description":"A Post-Quantum Cryptographic (PQC) Privacy Guard built in Go 1.25 using liboqs.","archived":false,"fork":false,"pushed_at":"2026-05-31T14:35:48.000Z","size":25,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-31T16:18:36.218Z","etag":null,"topics":["post-quantum","post-quantum-kem","post-quantum-privacy-gaurd","post-quantum-signature","pq","pqc","privacy","privacy-guard"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gh4rib.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-31T08:05:42.000Z","updated_at":"2026-05-31T14:35:52.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/gh4rib/pqpg-go","commit_stats":null,"previous_names":["gh4rib/pqc-messenger-go","gh4rib/pqpg-go"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/gh4rib/pqpg-go","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gh4rib%2Fpqpg-go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gh4rib%2Fpqpg-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gh4rib%2Fpqpg-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gh4rib%2Fpqpg-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gh4rib","download_url":"https://codeload.github.com/gh4rib/pqpg-go/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gh4rib%2Fpqpg-go/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34517748,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-19T02:00:06.005Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["post-quantum","post-quantum-kem","post-quantum-privacy-gaurd","post-quantum-signature","pq","pqc","privacy","privacy-guard"],"created_at":"2026-06-19T04:32:15.056Z","updated_at":"2026-06-19T04:32:15.873Z","avatar_url":"https://github.com/gh4rib.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Post-Quantum Privacy Guard (Golang Edition)\n\nA Prototype Post-Quantum Cryptographic (PQC) Privacy Guard built in Go 1.25 using liboqs. \n\nThis engine utilizes a **Hybrid KEM Architecture** (Classical Elliptic Curve + Lattice-based Cryptography) and a strict **Hash-and-Sign** paradigm to guarantee NIST Level 5 quantum resistance, seamless file transmission, and absolute memory safety across the CGO boundary.\n\n## Features\n\n- **Crypto-Agility:** Dynamically swap Key Encapsulation Mechanisms (KEMs), Digital Signatures, Hash functions, and Symmetric Ciphers based on recipient profiles.\n- **Hybrid Key Exchange:** Combines classical `X25519` with Post-Quantum KEMs to ensure security against both traditional and quantum adversaries.\n- **Strict Memory Sanitization:** Utilizes `oqs.MemCleanse()` to aggressively zero-out lattice secrets and master keys from RAM to prevent cold-boot and memory scraping attacks.\n- **CGO Boundary Protection:** Implements deep-copy byte cloning (`cloneBytes`) and a fixed-length Hash-and-Sign digest pipeline to prevent Go garbage-collector pointer corruption and dangling C-memory wipes.\n- **Air-Gapped PKI:** Generates offline public/private keyrings for secure, file-based identity routing.\n\n## Supported Cryptographic Primitives\n\nThe engine interfaces natively with the C-based `liboqs` to support the latest FIPS 204/205 drafts and conservative pre-standardization algorithms:\n\n| Category | Supported Algorithms |\n| :--- | :--- |\n| **Post-Quantum KEM** | `ML-KEM-768`, `ML-KEM-1024`, `NTRU-HPS-4096-1229`, `Kyber1024` |\n| **Classical KEM** | `X25519` (ECDH) |\n| **PQ Digital Signatures** | `ML-DSA-65`, `ML-DSA-87`, `SLH_DSA_PURE_SHA2_256S`, `Falcon-1024` |\n| **Symmetric AEAD** | `AES-256-GCM`, `ChaCha20-Poly1305` |\n| **Key Derivation (KDF)** | `SHA-384`, `SHA-512`, `SHAKE-256` (Sponge XOF) |\n\n## Prerequisites\n\n- **Go 1.25+** (Required for the latest `crypto` and `hash` interface optimizations).\n- **liboqs:** The Open Quantum Safe C library must be compiled and installed on your system.\n- **liboqs-go:** The Golang wrapper for `liboqs`.\n\nEnsure your CGO environment variables are configured to point to your `liboqs` build:\n```bash\n\nsudo mkdir -p /usr/local/lib/pkgconfig\n\nsudo tee /usr/local/lib/pkgconfig/liboqs-go.pc \u003e /dev/null \u003c\u003c 'EOF'\nLIBOQS_INCLUDE_DIR=/usr/local/include\nLIBOQS_LIB_DIR=/usr/local/lib\n\nName: liboqs-go\nDescription: liboqs CGO pkg-config file for Go bindings\nVersion: 0.15.0\nCflags: -I${LIBOQS_INCLUDE_DIR}\nLibs: -L${LIBOQS_LIB_DIR} -loqs\nEOF\n\nexport PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH\nexport LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH\nexport CGO_CFLAGS=\"-I/usr/local/include -I/usr/include\"\nexport CGO_LDFLAGS=\"-L/usr/local/lib -L/usr/lib/x86_64-linux-gnu -loqs\"\n\ngo get github.com/open-quantum-safe/liboqs-go/oqs\n```\n\n## Installation \u0026 Build\n\nClone the repository and build the interactive CLI binary:\n\n```bash\ncd pqc-messaging-go\ngo mod tidy\ngo build -o pqc-messenger main.go\n\n```\n\n### Usage Guide\n\nLaunch the interactive CLI:\n\n```bash\n./pqc-messenger\n\n```\n\n## Establish an Identity (PKI Setup)\n\nSelect **Option 1** to generate a new offline keypair. You will be prompted to choose a security profile (e.g., NIST Level 5 `ML-KEM-1024` + `ML-DSA-87`).\n\n- This creates two folders: `./keys_name/private` (Keep Secret) and `./keys_name/public` (Share with friends).\n- The `profile.json` inside dictates your preferred routing algorithms.\n\n## Encrypt \u0026 Sign a File (Send)\n\nSelect **Option 2** to encrypt a payload for a recipient.\n\n- **Inputs needed:** Path to your private folder, path to the recipient's public folder, and the file you wish to send (e.g., `secret.pdf`).\n- **Output:** Generates an `outbox_msg.pqp` (Post-Quantum Packet) containing the serialized JSON envelope.\n\n## Decrypt \u0026 Verify a File (Receive)\n\nSelect **Option 3** to verify the cryptographic signature and decrypt the payload.\n\n- **Inputs needed:** Path to your private folder, path to the sender's public folder, and the `.pqp` packet.\n- **Output:** Upon mathematical verification of the signature and AEAD MAC tag, the engine outputs the decrypted file with a precise timestamp (e.g., `decrypted_msg_20260531_150405.txt`).\n\n## Security Architecture Notes\n\nThis framework addresses several notorious issues in Post-Quantum integration:\n\n1. **Dangling Pointers:** The `liboqs` C library aggressively frees memory structures. My `cloneBytes` function ensures that extracted lattice keys are safely ported into Go's garbage-collected heap before the C thread terminates.\n2. **Fiat-Shamir Sensitivity:** Algorithms like ML-DSA are highly sensitive to data serialization. My engine constructs a rigid byte-bundle combining the routing suite, ciphertext, nonce, and sender public key, strictly hashing it via `SHA-512` before passing it to the signature engine. This \"Authenticated Negotiation\" ensures an attacker cannot silently downgrade the cipher suite inside the JSON.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgh4rib%2Fpqpg-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgh4rib%2Fpqpg-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgh4rib%2Fpqpg-go/lists"}