PQCToolkit Post-Quantum Crypto

PQCToolkit brings next-generation post-quantum cryptography to your Android device — the same algorithms standardized by NIST to resist attacks from quantum computers.

All operations run 100% locally on your device. No accounts, no servers, no telemetry. Your keys and messages never leave your phone.

⚛️ NIST-STANDARDIZED ALGORITHMS

- ML-KEM / CRYSTALS-Kyber (FIPS 203) — Key encapsulation for secure message encryption
- ML-DSA / CRYSTALS-Dilithium (FIPS 204) — Digital signatures for document authentication
- Three security levels for each algorithm: 128-bit, 192-bit, and 256-bit post-quantum security

🔑 KEY GENERATION
Generate post-quantum key pairs in seconds directly on your device. Choose between ML-KEM (for encryption) and ML-DSA (for signatures) at three security levels each. Keys are stored encrypted using the Android Keystore system — protected by your device's secure hardware.

🔒 ENCRYPT MESSAGES
Encrypt any text message for a recipient using their ML-KEM public key. The app automatically looks up the recipient's key on PQCServer, or you can paste the key manually. Output is a compact JSON envelope compatible with pqctoolkit.com — you can encrypt on Android and decrypt on the web, and vice versa.

🔓 DECRYPT MESSAGES
Decrypt messages encrypted for you using your ML-KEM secret key. Simply paste the JSON envelope and the app decrypts it instantly using your locally stored key.

✏️ SIGN DOCUMENTS
Sign any text or document with your ML-DSA secret key. The output is a JSON envelope containing the original message and its post-quantum digital signature — proof that the content is authentic and has not been tampered with.

✔️ VERIFY SIGNATURES
Verify the authenticity of a signed message using the signer's ML-DSA public key. Instantly confirms both the identity of the signer and the integrity of the content.

👤 KEY MANAGER
Store and manage multiple PQC identities on your device. Publish your public key to PQCServer — a post-quantum key directory — so others can encrypt messages for you automatically. Export encrypted backups of your private keys protected by a passphrase, and restore them on any device.

🌐 PQCSERVER INTEGRATION
PQCToolkit integrates with PQCServer (pqcserver.com), an open post-quantum key directory. Publish your public key once, and anyone using PQCToolkit, PQCMail, or any compatible app can find your key and send you encrypted messages.

🛡️ PRIVACY & SECURITY
- All cryptography runs on your device — no cloud processing
- Private keys protected by Android Keystore (hardware-backed TEE)
- Encrypted key backups with PBKDF2-SHA256 (310,000 iterations) + AES-256-GCM
- Zero telemetry, zero analytics, zero ads
- No account required
- Open source

📦 TECHNICAL DETAILS
Powered by Bouncy Castle 1.78 — a certified Java implementation of NIST FIPS 203 and FIPS 204. No native libraries, no WebAssembly — pure Java running on the standard Android JVM. Compatible with Android 8.0 (API 26) and above.

Quantum computers are coming. Your data should be ready.