Status: Phase 8 - Documentation & Deployment (approaching 1.0). Version: 0.1.0
Recrypt is a quantum-resistant proxy recryption system enabling secure, revocable file sharing with untrusted storage providers. Built on lattice-based cryptography (OpenFHE) with post-quantum signatures (liboqs), it provides end-to-end encryption where files can be shared without exposing private keys or plaintext to any intermediary.
Proxy recryption. A semi-trusted proxy transforms ciphertext encrypted for Alice into ciphertext for Bob without ever decrypting it. The storage provider facilitates sharing without access to plaintext, and access can be revoked without re-encrypting the file.
Hybrid encryption (KEM-DEM). A 256-bit symmetric key is wrapped with the post-quantum PRE backend (KEM); bulk data is encrypted with XChaCha20 + Bao (DEM). Only the wrapped key (~KB) is recrypted on share, never the file itself.
Pluggable PRE backends. OpenFHE BFV is the post-quantum default; a mock
backend exists for fast testing.
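
The share flow described above, as an added example (not Recrypt's code): a toy BBS98-style ElGamal scheme over an 11-bit group stands in for the OpenFHE BFV backend, and an XOR keystream stands in for XChaCha20 + Bao, so none of it is secure. All names and values are constructed; unlike Recrypt's CLI, which takes the recipient's public key, this toy derives the recryption key from both secrets.

```rust
// Toy BBS98-style proxy recryption over a tiny group: NOT secure, and NOT the
// lattice (OpenFHE BFV) scheme Recrypt uses. It only shows the KEM-DEM data flow.
const P: u64 = 2039; // toy safe prime, P = 2*Q + 1
const Q: u64 = 1019; // prime order of the subgroup generated by G
const G: u64 = 4;

fn pow_mod(mut b: u64, mut e: u64, m: u64) -> u64 {
    let mut r = 1;
    b %= m;
    while e > 0 {
        if e & 1 == 1 { r = r * b % m; }
        b = b * b % m;
        e >>= 1;
    }
    r
}
// Modular inverse by Fermat's little theorem (m must be prime).
fn inv(x: u64, m: u64) -> u64 { pow_mod(x, m - 2, m) }

// KEM: wrap file key `m` (a subgroup element) under secret `sk` with nonce `k`.
fn wrap(m: u64, sk: u64, k: u64) -> (u64, u64) {
    (pow_mod(G, sk * k % Q, P), m * pow_mod(G, k, P) % P)
}
// Recryption key Alice -> Bob. This toy needs both secrets (BBS98 is bidirectional).
fn recryption_key(sk_a: u64, sk_b: u64) -> u64 { sk_b * inv(sk_a, Q) % Q }
// Proxy: retarget the capsule using only `rk`; the file key is never exposed.
fn recrypt(c: (u64, u64), rk: u64) -> (u64, u64) { (pow_mod(c.0, rk, P), c.1) }
fn unwrap(c: (u64, u64), sk: u64) -> u64 {
    let gk = pow_mod(c.0, inv(sk, Q), P); // recover g^k
    c.1 * inv(gk, P) % P
}
// Toy DEM: XOR with an xorshift keystream (stand-in for XChaCha20 + Bao).
fn dem(key: u64, data: &[u8]) -> Vec<u8> {
    let mut s = key.wrapping_mul(0x9E37_79B9_7F4A_7C15) | 1;
    data.iter().map(|b| { s ^= s << 13; s ^= s >> 7; s ^= s << 17; b ^ (s as u8) }).collect()
}

fn main() {
    let (sk_a, sk_b) = (123, 456); // constructed toy secrets in [1, Q)
    let file_key = pow_mod(G, 77, P); // per-file key encoded as a group element
    let blob = dem(file_key, b"quarterly report"); // stored once, untouched on share
    let cap_a = wrap(file_key, sk_a, 31);
    let cap_b = recrypt(cap_a, recryption_key(sk_a, sk_b)); // proxy step
    let plain = dem(unwrap(cap_b, sk_b), &blob); // Bob's side
    println!("{}", String::from_utf8_lossy(&plain));
}
```

Revocation in this model is the proxy discarding the recryption key: the stored blob and Alice's capsule stay as they are.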
```sh
just setup          # first time: submodules + C/C++ deps + build
just build-release  # subsequent release builds
```

See Development for prerequisites.
```sh
# Create an identity (ED25519 + ML-DSA-87 keypair, stored in an encrypted wallet)
recrypt identity new

# Encrypt / decrypt locally (--for selects the recipient identity)
recrypt encrypt myfile.txt --for alice --output myfile.enc
recrypt decrypt myfile.enc --output myfile.txt

# Register an account and upload a file to the proxy
recrypt --server https://recrypt.example.com account register
recrypt --server https://recrypt.example.com file upload myfile.enc

# Share with a recipient (generates a recryption key for the proxy)
recrypt share create <file-hash> --to <recipient-pubkey>

# Recipient downloads; the proxy recrypts the wrapped key on the fly
recrypt share download <share-id> --output myfile.txt
```

Run `recrypt --help` (and `recrypt <command> --help`) for the full command set:
identity, encrypt, decrypt, account, file, share, config, wallet.

For a guided walkthrough see docs/user-guide.md.
```
recrypt/
├── crates/
│   ├── recrypt-ffi/              # Safe Rust API over OpenFHE + liboqs + ed25519
│   ├── recrypt-openfhe-sys/      # Low-level CXX bridge to OpenFHE C++
│   ├── recrypt-core/             # PRE backends, hybrid encryption, signatures
│   ├── recrypt-wire/             # Wire protocol (Gordian Envelope + Bao)
│   ├── recrypt-storage/          # S3-compatible content-addressed storage
│   ├── identikey-storage-auth/   # Auth service (capabilities, ownership)
│   └── recrypt-client/           # Generated Rust HTTP client (from OpenAPI)
├── recrypt-server/               # Recryption proxy server (Axum)
├── recrypt-cli/                  # Command-line interface
├── recrypt-client-ts/            # Generated TypeScript HTTP client
├── tests/e2e/                    # E2E test harness (36 tests)
├── docs/                         # Architecture, standards, decisions
└── vendor/                       # OpenFHE, liboqs (git submodules)
```

```
                      ┌──────────────────┐
                      │   recrypt-cli    │  workflows, wallet, HTTP client
                      └────────┬─────────┘
                               │ reqwest (HTTP)
                               ▼
                      ┌──────────────────┐
                      │  recrypt-server  │  Axum proxy, auth middleware, routes
                      └────────┬─────────┘
         ┌─────────────────────┼────────────────────────┐
         ▼                     ▼                        ▼
┌──────────────────┐  ┌──────────────────┐  ┌──────────────────────────┐
│   recrypt-core   │  │   recrypt-wire   │  │     recrypt-storage      │
│  crypto objects  │  │   wire format    │  │ content-addressed blobs  │
└────────┬─────────┘  └──────────────────┘  └──────────────────────────┘
         ▼
┌──────────────────┐                        ┌──────────────────────────┐
│   recrypt-ffi    │                        │  identikey-storage-auth  │
│  OpenFHE+liboqs  │                        │ capabilities, ownership  │
└────────┬─────────┘                        └──────────────────────────┘
         ▼
┌────────────────────┐
│ recrypt-openfhe-sys│  raw CXX bridge to OpenFHE C++
└────────────────────┘
```

See docs/architecture.md for per-crate ownership and
the full dependency graph.
| Crate | Purpose |
|---|---|
| `recrypt-ffi` | Safe Rust API over OpenFHE + liboqs |
| `recrypt-openfhe-sys` | Low-level CXX bridge to OpenFHE C++ |
| `recrypt-core` | PRE backends, hybrid encryption, signatures |
| `recrypt-wire` | Wire protocol (Gordian Envelope + Bao) |
| `recrypt-storage` | S3-compatible content-addressed storage |
| `identikey-storage-auth` | Auth service for storage access |
| `recrypt-client` | Generated Rust HTTP client |

| Component | Purpose |
|---|---|
| `recrypt-server` | Recryption proxy (holds recryption keys, never secrets) |
| `recrypt-cli` | Command-line interface |
| `recrypt-client-ts` | Generated TypeScript client for the proxy API |

Both HTTP clients are generated from the utoipa-annotated handlers in
recrypt-server (single source of truth → openapi.json → codegen). Regenerate
with `just openapi-regen`.
- OpenFHE BFV lattice-based proxy recryption (post-quantum)
- ED25519 (classical) + ML-DSA-87 (post-quantum) dual signatures
- Multi-signature authorization (all keys must sign)
- Blake3 for all hashing; Blake3/Bao tree mode for streaming integrity
- XChaCha20 + Bao authenticated symmetric encryption
- S3-compatible storage (Minio for dev, any S3 backend for prod)
- Content-addressed by Blake3 hash
- Separate auth service controls access by public key → file hash
- Chunked streaming for large files
- HTTP REST API (Axum) with OpenAPI schema
- CLI with encrypted wallet (Argon2id + XChaCha20-Poly1305), OS-keychain caching
- Generated Rust and TypeScript clients
| Component | Trust level | Notes |
|---|---|---|
| Storage provider | Untrusted | Sees only ciphertext + wrapped keys |
| Recryption proxy | Semi-trusted | Has recryption keys, not secret keys; self-hostable |
| Auth service | Trusted | Controls access; can be self-hosted |
| Client | Trusted | Holds secret keys |
- E2E encryption: plaintext never leaves the client
- Quantum resistance: lattice-based PRE + ML-DSA-87 signatures
- Per-file keys: fresh random symmetric key per file
- Streaming integrity: Blake3/Bao verification during download
See docs/threat-model.md and
docs/security-tiers.md for the full model.
- Rust (stable, edition 2024)
- OpenFHE C++ library + liboqs (built via `just build-deps`; vendored as submodules)
- OpenMP: `brew install libomp` on macOS
- Docker (for the Minio S3 development environment)
Common commands (via Just)
```sh
just build          # build the workspace
just test           # run all tests (--test-threads=1; OpenFHE global state)
just lint           # clippy
just format         # rustfmt
just test-e2e       # E2E harness (mock backend, ~30s)
just minio-up       # start Minio for S3 development
just openapi-regen  # regenerate Rust + TS clients from the server schema
```

- Per-crate unit tests, with `proptest` property tests for crypto operations
- E2E harness at `tests/e2e/`: 36 tests (19 CLI + 17 API), ~30s on the mock backend
- S3 tests gated behind `--features s3-tests` (requires Docker/Minio)
- Tests validate semantic correctness (`decrypt(encrypt(x)) == x`), not byte equality; OpenFHE serialization is non-deterministic. See `docs/non-determinism.md`.

Start with docs/architecture.md for the system
overview, then docs/user-guide.md for usage.
| Document | Description |
|---|---|
| `docs/architecture.md` | System overview, per-crate ownership |
| `docs/hybrid-encryption-architecture.md` | KEM-DEM with pluggable PRE backends |
| `docs/pre-backend-traits.md` | PreBackend trait hierarchy |
| `docs/storage-design.md` | S3 + auth service architecture |
| `docs/wire-protocol.md` | Gordian Envelope + ASCII armor formats |
| `docs/verification-architecture.md` | Blake3/Bao streaming verification |
| `docs/threat-model.md` | Threat model and security commitments |
| `docs/security-tiers.md` | Security tier hierarchy |
| `docs/non-determinism.md` | Crypto testing strategy |
| `docs/openfhe-threading-model.md` | OpenFHE global-state threading rules |
| `docs/http-api-reference.md` | HTTP API reference |
| `docs/deployment.md` | Deployment guide |

| Document | Description |
|---|---|
| `docs/standards/recrypt-key-material-v1.md` | Key material serialization |
| `docs/standards/xchacha20-bao-aead.md` | Streaming AEAD construction |
| `docs/standards/wallet-envelope-format.md` | Encrypted wallet envelope format |
| `docs/standards/identity-self-signature.md` | Identity self-signature shape |
| `docs/standards/dcbor-determinism.md` | dCBOR interop contract |
| `docs/standards/hashing-standard.md` | Blake3 standardization |

Architectural decisions live in docs/decisions/; read them
before relitigating long-tail design questions.
- Recryption: transformation of ciphertext from one key to another (not "re-encryption")
- Recryption key: the key enabling that transformation (not "rekey")
- Recrypted: data that has undergone recryption
Standardized throughout the codebase.
Recrypt is dual-licensed:
- Noncommercial use: licensed under the PolyForm Noncommercial License 1.0.0. Personal, research, educational, and nonprofit use is free, including running it in production. You are not required to publish your own source code.
- Commercial use: any use as part of a money-making product, service, or business requires a commercial license from Identikey Inc. See LICENSE-COMMERCIAL.md or contact sales@identikey.io.
If you are not making money with Recrypt, the noncommercial license covers you. If you are, you need a commercial license.
Vendored third-party dependencies under vendor/ (e.g. OpenFHE, liboqs) remain
under their own licenses.
- Website: identikey.io/recryption
- Repository: github.com/identikey/recrypt