Scan for quantum-vulnerable cryptography and create post-quantum-ready encrypted packages.
QuantumShield is a security tool that helps you become post-quantum ready. It finds risky cryptography, explains why it's exposed, generates standardized post-quantum keys, and encrypts files into hybrid quantum-resistant packages.
Honesty first. QuantumShield does not make anything "100% quantum-proof," "impossible to decrypt," or "automatically fixed." It provides risk assessment, post-quantum-ready key generation, hybrid encryption, and migration guidance. Real security still depends on implementation, key storage, and a developer/security review.
This is not demo-mode crypto. The PQC layer uses real FIPS 203/204/205 implementations
(@noble/post-quantum): ML-KEM-768, ML-DSA-65, and SLH-DSA.
ββββββββββββββββββββββββββββββββ
Browser ββββΊ β React + Vite client (:5173) β
β Dashboard Β· Scan Β· Protect β
β Key Upgrade Β· Roadmap β
βββββββββββββββββ¬βββββββββββββββ
/api/* (Vite proxy)
β
βββββββββββββββββΌβββββββββββββββ
β Node + Express API (:3001) β
β β
β scanner.js rule engine β
β scoring.js risk score β
β roadmap.js migration plan β
β cryptoFile.js AES-256-GCM β
β pqc.js βββ crypto-agile βββ β
βββββββββββββββββββββββββββββββΌββ
β
@noble/post-quantum (FIPS 203/204/205)
ML-KEM-768 Β· ML-DSA-65 Β· SLH-DSA
- Stateless β no database. Files and keys are processed in memory and returned to the browser.
- Crypto-agile β every PQC call goes through
server/lib/pqc.js. Swap the library there and nothing else changes.
QSH/
ββ package.json # root scripts: dev / dev:server / dev:client / build
ββ README.md
ββ server/
β ββ index.js # Express app + API routes
β ββ package.json
β ββ lib/
β ββ scanner.js # regex rule engine
β ββ scoring.js # 0β100 risk score
β ββ roadmap.js # phased migration plan
β ββ cryptoFile.js # AES-256-GCM + ML-KEM hybrid (KEM-DEM)
β ββ pqc.js # ML-KEM / ML-DSA / SLH-DSA wrapper (the agile seam)
ββ client/
ββ index.html
ββ vite.config.js # proxies /api -> :3001
ββ package.json
ββ src/
ββ main.jsx App.jsx api.js index.css
ββ components/ Sidebar Β· RiskGauge Β· FindingCard Β· icons Β· ui
ββ pages/ Dashboard Β· Scan Β· Protect Β· Keys Β· Roadmap
| Method | Route | Purpose |
|---|---|---|
| GET | /api/health |
Liveness + rule count. |
| GET | /api/algorithms |
PQC algorithm metadata & key sizes. |
| POST | /api/scan |
Body { content } or { files:[{filename,content}] } β { findings, score, roadmap }. |
| POST | /api/protect |
Body { filename, dataBase64 } β encrypted package, secretKey, publicKey, report. |
| POST | /api/unprotect |
Body { package, secretKey } β { dataBase64, filename, integrityOk }. |
| POST | /api/keys |
Body { types:['kem','dsa','slh'] } β post-quantum key pairs + guidance. |
Each rule is { id, pattern (RegExp), title, risk, category, explanation, migration }. The scanner runs
every rule over the text, records each match with line:column, caps repeats per rule, and sorts by
severity. Categories: quantum-vulnerable, classically-weak, bad-practice.
Detected patterns include: RSA, ECDSA/ECDH/ECC, named curves (secp256r1, prime256v1, β¦),
crypto.generateKeyPair, crypto.createSign/Verify, -----BEGIN β¦ PRIVATE KEY-----, AWS keys,
hardcoded secrets, MD5, SHA-1, TLSv1.0/1.1 & SSL, DES/3DES/RC4, ECB mode, and Math.random()
for security. See server/lib/scanner.js to add rules β that's the only file you touch.
server/lib/cryptoFile.js:
- ML-KEM-768 encapsulates a 32-byte shared secret to a recipient public key.
- HKDF-SHA256 derives a 256-bit AES key from that shared secret (+ random salt).
- AES-256-GCM encrypts the file (12-byte IV, 16-byte auth tag).
The package stores the KEM ciphertext, not the key. Only the ML-KEM secret key holder can decapsulate and decrypt. Decryption fails loudly on a wrong key or any tampering (GCM auth check + a SHA-256 integrity check).
The PQC seam is server/lib/pqc.js, exposing kem, dsa, slh with keygen / encapsulate / decapsulate / sign / verify. It is backed by @noble/post-quantum today. To move to another
implementation (e.g. liboqs/native bindings for production), reimplement those functions β no other
file changes. That's the crypto-agility the roadmap recommends, demonstrated in the code itself.
server/lib/scoring.js β weights Critical 40 / High 22 / Medium 10 / Low 4. Repeats of the same rule
add 25% each (capped at 3Γ). The weighted sum Ξ£ is squashed into 0β100:
riskScore = 100 Β· (1 β e^(βΞ£ / 60)) # higher = more risk
Detecting post-quantum / crypto-agile signals applies a 20% mitigation discount. The response also breaks exposure into quantum / classical / practice sub-scores for the UI bars, plus a letter grade (AβF).
App.jsxβ layout shell, simple route state, shared scan result, backend-health polling.- Components:
Sidebar,RiskGauge(SVG glow gauge),FindingCard,icons, andui(Panel, StatCard, RiskBadge, CategoryBadge, ExposureBar, CopyField, Toast, EmptyState, Spinner). - Pages:
Dashboard,Scan,Protect,Keys,Roadmap.
- Dashboard: "Get ahead of harvest now, decrypt later." β explains Shor's algorithm + the does/doesn't honesty panel.
- Scan: "Paste source/config or upload files⦠with a migration step for each finding."
- Protect: "Encrypt a file into a quantum-resistant package using a hybrid KEM-DEM scheme."
- Key Upgrade: "ML-KEM protects shared keys; ML-DSA/SLH-DSA are for signatures β they don't automatically replace every existing key."
- Roadmap: "A phased plan generated from your scan⦠require a developer/security review before production changes."
{
"score": { "riskScore": 98, "postureScore": 2, "grade": "F", "label": "Critical exposure",
"totals": { "findings": 16, "byRisk": { "Critical": 1, "High": 10, "Medium": 4, "Low": 1 } },
"exposure": { "quantum": 83, "classical": 66, "practice": 67 } },
"findings": [
{ "ruleId": "private-key-block", "title": "Hardcoded private key", "risk": "Critical",
"category": "bad-practice", "filename": "payments.js", "line": 21, "column": 1,
"match": "-----BEGIN RSA PRIVATE KEY-----",
"explanation": "A private key embedded in source/config can be extractedβ¦",
"migration": "Remove the key from code immediately, rotate it, and load secrets from a vaultβ¦" }
],
"roadmap": { "summary": { "immediateActionRequired": true, "quantumMigrationNeeded": true,
"triggeredSteps": 7, "totalSteps": 7 } }
}{
"version": "qs-pkg-1",
"createdAt": "2026-06-22T18:00:00.000Z",
"algorithms": { "kem": "ML-KEM-768 (FIPS 203)", "kdf": "HKDF-SHA256", "cipher": "AES-256-GCM" },
"file": { "name": "secret.txt", "bytes": 32, "sha256": "β¦" },
"kemCiphertext": "β¦base64 (1088 bytes)β¦",
"kdfSalt": "β¦base64 (16 bytes)β¦",
"iv": "β¦base64 (12 bytes)β¦",
"authTag": "β¦base64 (16 bytes)β¦",
"ciphertext": "β¦base64β¦",
"notes": "Quantum-resistant hybrid package. Security depends on safe storage of the secret key."
}- Backend skeleton β Express +
/api/health. (done) - Scanner + scoring β rules, line numbers, 0β100 score. (done)
- PQC layer β verify the library API, wire ML-KEM/ML-DSA/SLH-DSA. (done)
- Protect/unprotect β AES-256-GCM hybrid + tamper test. (done)
- Frontend shell β sidebar, theme, routing. (done)
- Wire each page to its endpoint. (done)
- Polish β gauge glow, badges, copy/download, honesty copy. (done)
- Hybrid X25519 + ML-KEM key exchange (classical + PQC together).
- Sign protected packages with ML-DSA and verify on decrypt.
- GitHub repo / folder scanning with a per-file heatmap and SARIF export.
- Severity-weighted diff mode (score before/after a fix).
- Drag-and-drop multi-file scanning; PDF report export.
- AST-based scanning (reduce regex false positives).
- Hackathon MVP β not audited for production. Have the design and key management reviewed.
- Secret keys are returned to the browser for the demo; in production keep them offline/encrypted.
- The scanner is pattern-based and can produce false positives/negatives β a human review is required.
- AES-256 is considered quantum-resistant (Grover only halves effective key strength); ML-KEM protects the key exchange that classical RSA/ECC would otherwise expose.