Appearance
5-minute quickstart
From zero to working post-quantum encryption.
1. Install
bash
pnpm add @pqc-sdk/corebash
npm install @pqc-sdk/coreOr initialize a full project with the CLI (config + development keys + example):
bash
npx @pqc-sdk/cli init2. Generate keys
ts
import { pqc } from '@pqc-sdk/core';
const pair = await pqc.keys.generate();
With no options it generates ML-KEM-768 (FIPS 203), the encryption algorithm. Hover over pair to see the type: the algorithm travels in the type system.
3. Encrypt
ts
const ciphertext = await pqc.encrypt('my first post-quantum secret', pair.publicKey);Accepts a string (encoded as UTF-8) or a Uint8Array. The result is a single self-contained Uint8Array: ML-KEM encapsulation + data encrypted with AES-256-GCM.
4. Decrypt
ts
const plaintext = await pqc.decrypt(ciphertext, pair.secretKey);
console.log(new TextDecoder().decode(plaintext));
// "my first post-quantum secret"If the ciphertext was tampered with, decrypt throws a PqcError with code DECRYPTION_FAILED — it never returns corrupted data.
Bonus: persisting keys
ts
const token = pqc.keys.serialize(pair.publicKey);
// "pqcv1.ml-kem-768.public.h1q3…" — base64url with metadata
const restored = pqc.keys.deserialize(token);Next steps
- Hybrid KEM+AES encryption, explained — what happens inside
encrypt - Encrypting files — the most common use case
- Signing JWTs with ML-DSA — post-quantum digital signatures