@qsafe/sdk (TypeScript / Node.js)

Post-quantum cryptography SDK for the QSafe API — supports ML-KEM (Kyber) encryption and ML-DSA (Dilithium) signatures.

• API version: 1.0.0
• Package version: 1.0.0
• Works in Node.js, Webpack, and Browserify

Installation

npm install @qsafe/sdk

Authentication

| Method | Use case | Configuration | |--------|----------|---------------| | API Key | Programmatic access (recommended) | apiKey: (name) => name === 'ApiKeyHeader' ? 'pqc_...' : '' | | JWT Bearer | Managing API keys, user sessions | accessToken: 'your_jwt_token' |

Getting an API key: Register → Login (JWT) → POST /api-keys → copy data.api_key.

Quick Start — API Key Auth (Recommended)

import { Configuration, KeypairsApi, CryptographicOperationsApi,
         GenerateKeypairRequest, EncryptRequest, DecryptRequest,
         SignRequest, VerifyRequest } from '@qsafe/sdk';

const config = new Configuration({
  apiKey: (securityName: string) =>
    securityName === 'ApiKeyHeader' ? 'pqc_your_api_key_here' : '',
});

const keypairsApi = new KeypairsApi(config);
const cryptoApi = new CryptographicOperationsApi(config);

async function run() {
  // 1. Generate a KEM keypair
  const kp = await keypairsApi.generateKeypair({ algorithm: 'KYBER768' });
  const keypairId = kp.data.data!.id!;
  console.log('Keypair:', keypairId);

  // 2. Encrypt
  const enc = await cryptoApi.encryptData(keypairId, {
    plaintext: 'Hello, quantum-safe world!'
  });
  const { ciphertext, encapsulated_key } = enc.data.data!;

  // 3. Decrypt
  const dec = await cryptoApi.decryptData(keypairId, {
    ciphertext,
    encapsulated_key,
  });
  console.log('Decrypted:', dec.data.data!.plaintext);
}

run().catch(console.error);

Sign & Verify

// Generate a signature keypair
const kp = await keypairsApi.generateKeypair({ algorithm: 'DILITHIUM3' });
const keypairId = kp.data.data!.id!;

// Sign
const sig = await cryptoApi.signData(keypairId, {
  message: 'I approve this transaction',
  hash_algorithm: 'sha256',
});
const signature = sig.data.data!.signature!;

// Verify
const ver = await cryptoApi.verifySignature(keypairId, {
  message: 'I approve this transaction',
  signature,
  hash_algorithm: 'sha256',
});
console.log('Valid:', ver.data.data!.verification_result!.valid); // true

Quick Start — JWT Auth (for managing API keys)

import { Configuration, AuthenticationApi, APIKeysApi,
         RegisterRequest, CreateApiKeyRequest } from '@qsafe/sdk';

// 1. Register and get JWT token
const authApi = new AuthenticationApi(new Configuration());
const reg = await authApi.registerUser({
  email: '[email protected]',
  password: 'SecureP@ssw0rd123',
  firstName: 'Your',
  lastName: 'Name',
});
const jwtToken = reg.data.data!.accessToken!;

// 2. Create an API key using JWT
const jwtConfig = new Configuration({ accessToken: jwtToken });
const keysApi = new APIKeysApi(jwtConfig);
const keyResp = await keysApi.createApiKey({
  name: 'My Production Key',
  permissions: ['read', 'write', 'crypto_encrypt', 'crypto_decrypt', 'crypto_sign', 'crypto_verify'],
});
const rawApiKey = keyResp.data.data!.api_key!;  // pqc_xxxx — save this!
console.log('API Key:', rawApiKey);

Ephemeral Storage

// Encrypt and get ephemeral_id
const enc = await cryptoApi.encryptData(keypairId, {
  plaintext: 'Sensitive data',
  ephemeral_storage: { ttl: 1800, max_access_count: 3 },
});
const ephemeralId = enc.data.data!.ephemeral_storage!.ephemeral_id!;

// Decrypt by ephemeral_id
const dec = await cryptoApi.decryptData(keypairId, { ephemeral_id: ephemeralId });
console.log(dec.data.data!.plaintext);

Building from Source

npm install
npm run build

API Reference

| Class | Method | Endpoint | Auth | |-------|--------|----------|------| | AuthenticationApi | registerUser | POST /auth/register | None | | AuthenticationApi | loginUser | POST /auth/login | None | | APIKeysApi | createApiKey | POST /api-keys | JWT only | | APIKeysApi | listApiKeys | GET /api-keys | JWT only | | KeypairsApi | generateKeypair | POST /generate-keypair | JWT or API key | | CryptographicOperationsApi | encryptData | POST /keypairs/{id}/encrypt | JWT or API key | | CryptographicOperationsApi | decryptData | POST /keypairs/{id}/decrypt | JWT or API key | | CryptographicOperationsApi | signData | POST /keypairs/{id}/sign | JWT or API key | | CryptographicOperationsApi | verifySignature | POST /keypairs/{id}/verify | JWT or API key | | UtilitiesApi | getRateLimitStatus | GET /rate-limit/status | API key only |

Support

• API docs: https://rushikesh66-pqc-api.hf.space/api-docs
• Issues: https://github.com/rushikesh-kakadiya/QSafeApi/issues