I've been using age for backups and wanted to learn about post-quantum crypto, so I built pq-age, a Python implementation that adds a hybrid ML-KEM + X25519 recipient type.
What it does:
- Fully compatible with age/rage for X25519, SSH, and scrypt recipients
- Adds a new recipient type (mlkem1024-x25519-v1) for post-quantum paranoia
- Hybrid design: both algorithms must be broken to compromise the encryption
Design: ML-KEM-1024 (NIST Level 5) + X25519 combined via HKDF with transcript binding. The actual crypto runs in libsodium (C) and liboqs (C), with a small Rust extension for mlock/zeroize.
pip install pq-age
The PQ part is probably overkill, but it was a fun learning project. Not audited - use at your own risk for anything serious.
pq-dude•14h ago
What it does:
- Fully compatible with age/rage for X25519, SSH, and scrypt recipients
- Adds a new recipient type (mlkem1024-x25519-v1) for post-quantum paranoia
- Hybrid design: both algorithms must be broken to compromise the encryption
Design: ML-KEM-1024 (NIST Level 5) + X25519 combined via HKDF with transcript binding. The actual crypto runs in libsodium (C) and liboqs (C), with a small Rust extension for mlock/zeroize.
The PQ part is probably overkill, but it was a fun learning project. Not audited - use at your own risk for anything serious.https://github.com/pqdude/pq-age