A post-quantum cryptographic keyring manager for Windows. Aegis stores and manages public/private key pairs inside a local AES-256-GCM encrypted vault, with full support for NIST PQC standard algorithms alongside traditional cryptography.
- Post-Quantum KEMs — ML-KEM-512, ML-KEM-768, ML-KEM-1024 (NIST FIPS 203)
- Post-Quantum Signatures — ML-DSA-44, ML-DSA-65, ML-DSA-87 (NIST FIPS 204), Falcon-512, Falcon-1024
- Traditional Algorithms — RSA (2048 / 4096-bit), Ed25519, Curve25519 (X25519)
- Hybrid PQ Encryption — ML-KEM key encapsulation + AES-256-GCM payload encryption
- Traditional PGP Encryption — RSA-OAEP, ephemeral-static X25519 + AES-256-GCM
- Digital Signatures — PQ (ML-DSA, Falcon) and traditional (RSA-SHA256, Ed25519)
- PEM — OpenSSL-compatible PKCS#8 / SubjectPublicKeyInfo
- OpenPGP / GnuPG — compatible ASCII-armored format for RSA and Ed25519 keys
- Aegis Armor — custom CRC24-checksummed Base64 armor format
- Hex / Base64 — raw byte inspection
- PEM — traditional RSA, Ed25519, and X25519 public/private key material
- OpenPGP — limited v4 RSA and Ed25519 public keys plus unencrypted secret keys
- Aegis Armor — Aegis-native armored key blocks with CRC24 validation
- Master-password protected vault stored at `%LOCALAPPDATA%\Aegis\keyring.enc`
- Key derived with PBKDF2-HMAC-SHA256 (100,000 iterations) + 16-byte random salt
- Vault content encrypted with AES-256-GCM; salt, IV, and authentication tag prepended to ciphertext
- In-memory session key zeroed with `SecureZeroMemory` on lock
- Read-only vault health inspection for malformed, truncated, missing, and valid-looking vault files
- Encrypted vault backup/import, purge, and master password change workflows
- Search, algorithm-family filtering, lifecycle filtering, and key sorting
- Editable lifecycle state, purpose, provenance/source, notes, tags, and review dates
- Dashboard review queues and lifecycle counts
- Persisted settings for lock timeout, lock-on-minimize, export confirmation, clipboard clearing, warning policy, default algorithms, and backup folder
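
The vault layout and read-only health inspection listed above can be illustrated with a structural check that never touches the master password. This is an added example, not Aegis source code: the field order salt, IV, tag, ciphertext, the 12-byte IV, the 16-byte tag, the zero-fill heuristic, and the names `inspectVault` and `VaultView` are assumptions; only the 16-byte salt comes from this README.

```cpp
// Added example, not Aegis source code.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

enum class VaultHealth { Missing, Truncated, Malformed, ValidLooking };

constexpr std::size_t kSaltLen = 16;  // stated in the README
constexpr std::size_t kIvLen = 12;    // assumption: 96-bit GCM nonce
constexpr std::size_t kTagLen = 16;   // assumption: 128-bit GCM tag
constexpr std::size_t kHeaderLen = kSaltLen + kIvLen + kTagLen;

// Non-owning view into the blob; valid only while the blob is alive.
struct VaultView {
    const std::uint8_t *salt, *iv, *tag, *ciphertext;
    std::size_t ciphertextLen;
};

static bool allZero(const std::uint8_t* p, std::size_t n) {
    return std::all_of(p, p + n, [](std::uint8_t b) { return b == 0; });
}

// Read-only classification: no writes, no password, no decryption.
// blob == nullptr models a vault file that does not exist.
VaultHealth inspectVault(const std::vector<std::uint8_t>* blob, VaultView* out = nullptr) {
    if (!blob) return VaultHealth::Missing;
    // Assumption: even an empty JSON vault yields at least one ciphertext byte.
    if (blob->size() <= kHeaderLen) return VaultHealth::Truncated;
    const std::uint8_t* p = blob->data();
    // Hypothetical heuristic: a zero salt or IV was not produced by a CSPRNG,
    // which points at a preallocated or partially written file.
    if (allZero(p, kSaltLen) || allZero(p + kSaltLen, kIvLen)) return VaultHealth::Malformed;
    if (out) *out = {p, p + kSaltLen, p + kSaltLen + kIvLen, p + kHeaderLen, blob->size() - kHeaderLen};
    return VaultHealth::ValidLooking;
}

int main() {
    // Constructed sample: 44 header bytes plus 10 ciphertext bytes, all 0x5A.
    std::vector<std::uint8_t> sample(kHeaderLen + 10, 0x5A);
    VaultView v{};
    VaultHealth h = inspectVault(&sample, &v);
    std::printf("health=%d ciphertext=%zu bytes\n", static_cast<int>(h), v.ciphertextLen);
    return 0;
}
```

A `ValidLooking` result is structural only; integrity is established only when AES-256-GCM tag verification succeeds with the key derived from the master password.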
Aegis/
├── App.xaml(.h/.cpp) — WinUI 3 application entry point
├── MainWindow.xaml(.h/.cpp) — Navigation shell: Dashboard, Keygen,
│ Keyring, Crypto, Settings views
├── CryptoService.h/.cpp — All cryptographic operations
│ ├── Key generation (OpenSSL EVP + liboqs)
│ ├── Hybrid PQ encryption (ML-KEM + AES-256-GCM)
│ ├── PGP-style encryption (RSA-OAEP, X25519 ECDH + AES-256-GCM)
│ ├── Digital signatures (ML-DSA, Falcon, RSA, Ed25519)
│ ├── Key formatting (PEM, OpenPGP, Aegis Armor, Base64, Hex)
│ └── Symmetric vault crypto (PBKDF2 + AES-256-GCM)
├── StorageService.h/.cpp — Encrypted JSON vault read/write
│ ├── Keyring lifecycle (create, unlock, lock)
│ ├── Vault health/recovery (safe inspection, atomic writes)
│ └── Key CRUD + metadata (add, list, update, delete, decrypt private key)
├── AppSettings.h/.cpp — Non-secret persisted operator preferences
├── AegisTests/ — Visual Studio unit tests for crypto and storage
├── pch.h — Precompiled header (WinRT, WIL)
└── test_crypto.cpp — Standalone cryptography smoke tests
Dependencies
| Library | Purpose |
|---|---|
| OpenSSL | RSA, Ed25519, X25519, AES-256-GCM, PBKDF2, PEM, Base64 |
| liboqs | ML-KEM, ML-DSA, Falcon (NIST PQC round-4 / FIPS standards) |
| Windows App SDK 2.1 | WinUI 3 runtime, XAML, WinRT projection |
| C++/WinRT | WinRT language projection |
| WIL | Windows Implementation Library helpers |
- Windows 10 version 1809 (build 17763) or later
- Visual Studio 2022 v17.4+ with the Desktop development with C++ and Windows application development workloads
- OpenSSL static libraries built for the target platform (x64 / ARM64)
- liboqs static library built for the target platform
- Clone the repository

      git clone https://github.com/APTlantis/AegisDesktop.git
      cd AegisDesktop

- Build OpenSSL (static, no-shared) and liboqs for your target platform and point the project's include/library paths at them. The `.vcxproj` expects them under `external\`.
- Restore NuGet packages

      nuget restore Aegis.sln

- Open `Aegis.sln` in Visual Studio 2022 and build in `Release | x64`.
Aegis v0.2.0 has a private local MSIX release path for installing the app on this machine without publishing a GitHub release. Dependency provenance is recorded in docs/dependency-provenance.md, and platform validation status is recorded in docs/platform-validation-matrix.md.
Build the local package:
powershell -ExecutionPolicy Bypass -File installer\build-msix.ps1 -Version 0.2.0.0 -Configuration Release -Platform x64
Install the signed local package:
powershell -ExecutionPolicy Bypass -File installer\install-msix.ps1 -Version 0.2.0.0
The package is signed with a self-signed local certificate and is intended for local development use only. Uninstalling the MSIX removes the app package, not %LOCALAPPDATA%\Aegis\keyring.enc.
- Launch `Aegis.exe`.
- On first run, enter a master password (minimum 8 characters) and click Enter Password Above to Create Vault to initialize the encrypted vault.
- On subsequent runs, enter your master password and click Unlock Keyring.
- Navigate the sidebar:
- Dashboard — summary of stored keys
- Keygen — generate new PQ or traditional key pairs
- Keyring — browse, export, and delete stored keys
- Crypto — encrypt, decrypt, sign, and verify data using keys from the ring
- Click the lock icon to wipe the session key from memory and return to the unlock screen.
- Unified Roadmap — one numbered non-testing roadmap from Priority 1 through Priority 24.
- Testing Maturity Roadmap — separate testing roadmap sequence.
- Roadmap Completion Inventory — current completed, partial, and open roadmap state.
- Vault Format Notes — vault layout and recovery expectations.
- Threat Model — assets, actors, boundaries, invariants, and non-goals.
- Crypto Design — cryptographic primitives, schemes, and dependency scope.
- Key Lifecycle — key states, review rules, and warning policy.
- Release Checklist — release-side build, test, vault safety, security, and artifact checks.
- Dependency Provenance — exact dependency versions, local checksums, and remaining public-release evidence gaps.
- Platform Validation Matrix — x64/ARM64 validation status.
- Release Integrity — local package hash/signing verification and future public evidence expectations.
- No-Secrets Logging Policy — diagnostic logging rules before any logging pipeline is introduced.
- Private-Key UI and Clipboard Audit — release-readiness checklist for private material exposure boundaries.
- Evidence Pipeline Walkthrough — configured workflow/evidence pipeline and local verification status.
- v0.3.0 OpenPGP Backend Orchestration Foundation — backend scanner, status UI panel, and operations provenance.
- Backend Orchestration Architecture — execution design, registry, and security model for GnuPG and OpenSSL.
- Cryptographic Provenance Model — operation logging schema stored under key metadata.
- OpenPGP Interoperability Migration Plan — strategy for full OpenPGP compliance.
- v0.2.1 Public Release Readiness Milestone — evidence, fixture, settings, and audit-prep milestone note.
- v0.2.0 Crypto File Workflows and Export Policy Release — private local install release note.
- v0.1.2 OpenPGP Import and UI Automation Release — private local install release note.
- v0.1.1 Local MSIX Roadmap Update — private local install release note.
- v0.1.0 Local MSIX Foundation Release — first private local install release note.
- Private keys are stored encrypted at rest inside the vault; the vault key is never persisted.
- The session key exists only in memory and is wiped with `SecureZeroMemory` on lock.
- Post-quantum algorithms are implemented via Open Quantum Safe / liboqs and conform to NIST FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA).
- Backend Cryptographic Orchestration: Aegis triggers system-installed tools (`gpg.exe`, `openssl.exe`) to perform operations. Users are responsible for verifying the integrity of these external binaries; Aegis scans and computes host binary hashes to assist in auditing.
- Experimental PQ OpenPGP: Standard OpenPGP (RFC 9580) does not define standard packets for post-quantum algorithms. Pure PQ keys inside Aegis are non-standard and use custom native serialization formats. Do not attempt to use them as standard interoperable PGP keys.
- This project is under active development and has not been independently audited. Do not use it for production key material until a security review has been completed.
MIT — see LICENSE for details.