CEF Post-Quantum Secure File Exchange

Encrypt files for specific recipients using ML-KEM-768, sign with ML-DSA-65, and package them into a portable container. Everything runs in your browser.

What is CEF?

CEF (COSE Encrypted Files) is a secure file exchange format. It packages files into a ZIP container where the manifest and each file are individually encrypted with AES-256-GCM. Keys are wrapped using ML-KEM-768 (post-quantum), and the manifest is signed with ML-DSA-65. Without a recipient's private key, file names, types, and metadata are inaccessible.

Container structure

container.cef (ZIP archive)
  META-INF/
    manifest.cbor.cose encrypted manifest (COSE_Encrypt)
    manifest.cose-sign1 ML-DSA-65 signature
    manifest.tst RFC 3161 timestamp
  encrypted/
    <random>.cose AES-256-GCM per file
ExposedProtected
Files Count, approx. sizes Names, types, content
Sender Signing key ID Name, email
RecipientsKey IDs, wrap algorithm Names, emails, identities
Crypto AES-256-GCM, ML-KEM-768 Keys, plaintext
Timestamp TSA, time, policy (public by design)
Try the demo below to see real structure and decrypted content.
📁SourceGitHub repository 📜SpecificationWire format, CDDL, algorithms 🛡Threat ModelAssets, adversaries, limitations Go SDKReference implementation TypeScript SDKBrowser & Node.js 🔌Backend GuideImplement your own provider

Demo Key Pair

Encrypt & Sign

ML-KEM-768 + ML-DSA-65
Generate a key pair first
📄

Drop files or browse

Recipients
Your demo key is automatically included as a recipient.

Open Container

Decrypt + Verify + Inspect
Drop a .cef container or encrypt files first
🔒

Drop a .cef container to open

github.com/PeculiarVentures/cef · AES-256-GCM · ML-KEM-768 (FIPS 203) · ML-DSA-65 (FIPS 204) · COSE/CBOR · All crypto in-browser