Metadata-Version: 2.4
Name: rights-to-secure-hybrid-crypto
Version: 1.0.0
Summary: Hybrid Post-Quantum Cryptography Library combining classical and quantum-resistant algorithms
Home-page: https://rightstosecure.com
Author: Praveen Naidu
Author-email: Praveen Naidu <contact@arkaenterprises.com>
Maintainer-email: Praveen Naidu <contact@arkaenterprises.com>
License: MIT
Project-URL: Homepage, https://rightstosecure.com
Project-URL: Documentation, https://academy.rightstosecure.com
Project-URL: Repository, https://github.com/rightstosecure/hybrid-crypto
Project-URL: Bug Tracker, https://github.com/rightstosecure/hybrid-crypto/issues
Keywords: cryptography,post-quantum,quantum-resistant,hybrid,rsa,ecc,ecdsa,kyber,dilithium,security,encryption,signature,key-exchange,kem,rights-to-secure
Platform: any
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Topic :: Communications :: Email
Classifier: Topic :: Internet :: WWW/HTTP :: HTTP Servers
Classifier: Topic :: Internet :: WWW/HTTP :: WSGI :: Application
Requires-Python: >=3.8
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: cryptography>=41.0.0
Requires-Dist: liboqs-python>=0.7.2
Requires-Dist: pytest>=7.0.0
Provides-Extra: dev
Requires-Dist: pytest>=7.0.0; extra == "dev"
Requires-Dist: pytest-cov>=4.0.0; extra == "dev"
Requires-Dist: black>=22.0.0; extra == "dev"
Requires-Dist: flake8>=5.0.0; extra == "dev"
Requires-Dist: mypy>=1.0.0; extra == "dev"
Requires-Dist: sphinx>=5.0.0; extra == "dev"
Requires-Dist: sphinx-rtd-theme>=1.0.0; extra == "dev"
Provides-Extra: api
Requires-Dist: fastapi>=0.100.0; extra == "api"
Requires-Dist: uvicorn>=0.20.0; extra == "api"
Requires-Dist: pydantic>=2.0.0; extra == "api"
Provides-Extra: web
Requires-Dist: flask>=2.3.0; extra == "web"
Requires-Dist: flask-cors>=4.0.0; extra == "web"
Dynamic: author
Dynamic: home-page
Dynamic: license-file
Dynamic: platform
Dynamic: requires-python

# 🔐 RightsToSecure Hybrid Crypto Wrapper

> **Hybrid Post-Quantum Cryptography Library**  
> Developed by **RightsToSecure**  
> Founder: **Praveen Naidu**

---

## 🛡️ Overview

The **RightsToSecure Hybrid Crypto Wrapper** is a cryptographic library designed to combine classical cryptography (RSA/ECDSA) with Post-Quantum Cryptography (Kyber, Dilithium). It provides a quantum-resilient security layer compatible with existing systems, ideal for enterprise SaaS integrations, encrypted messaging, secure file sharing, and API protection.

---

## ✅ Features

- 🔐 **Hybrid Key Exchange** using RSA/ECC + Kyber
- ✍️ **Hybrid Digital Signatures** using ECDSA + Dilithium
- 📦 Compatible with legacy infrastructure (TLS, HTTPS, etc.)
- 🧠 Future-proof against quantum threats
- 🔁 Crypto-agile design for algorithm swapping
- ⚙️ Easy integration as a Python package or API

---

## 📁 Project Structure

```
/rights_to_secure_hybrid_crypto
│
├── /src
│   ├── hybrid_kem.py         # Hybrid Key Exchange logic
│   ├── hybrid_signature.py   # Hybrid Digital Signature logic
│   └── utils.py              # Shared utilities (hashing, KDF, etc.)
│
├── /examples
│   ├── demo_key_exchange.py
│   └── demo_signing.py
│
├── /tests
│   ├── test_hybrid_kem.py
│   └── test_hybrid_signature.py
│
└── README.md
```

---

## 🔐 Hybrid Key Exchange (KEM)

### 🔧 Inputs:
- RSA or ECC Public Key
- Kyber Public Key

### 🔁 Process:
1. Generate a random classical shared secret and encrypt it with RSA or ECC.
2. Use Kyber to encapsulate a PQC shared secret.
3. Concatenate both secrets:
   ```
   combined_secret = classical_secret || pqc_secret
   session_key = SHAKE256(combined_secret)[:32]  # 256-bit
   ```

### 📤 Output:
- `rsa_ciphertext`: RSA-encrypted component
- `kyber_ciphertext`: Kyber-encrypted component
- `session_key`: Final shared key

---

## ✍️ Hybrid Digital Signature

### 🔧 Inputs:
- Message (bytes)
- ECDSA Private Key
- Dilithium Private Key

### 🔁 Process:
1. Sign message with ECDSA → `sig_classical`
2. Sign message with Dilithium → `sig_pqc`
3. Combine both:
   ```
   hybrid_signature = sig_classical || sig_pqc
   ```

### ✅ Verification:
- Validate both parts independently using ECDSA and Dilithium public keys

---

## 🧰 Requirements

### Python Dependencies

```bash
pip install cryptography oqs hashlib
```

#### Libraries Used:
- `cryptography` – for RSA, ECC, and ECDSA
- `oqs-python` – for Kyber and Dilithium (Post-Quantum)
- `hashlib` – for SHAKE256 hashing

---

## 🚀 Usage Examples

### 🔑 Key Exchange

```python
from src.hybrid_kem import hybrid_key_exchange, hybrid_key_decrypt
from src.utils import generate_rsa_keys, generate_kyber_keys

rsa_pub, rsa_priv = generate_rsa_keys()
kyber_pub, kyber_priv = generate_kyber_keys()

# Sender side
rsa_ct, kyber_ct, session_key = hybrid_key_exchange(rsa_pub, kyber_pub)

# Receiver side
session_key_reconstructed = hybrid_key_decrypt(rsa_priv, kyber_priv, rsa_ct, kyber_ct)
```

---

### ✍️ Signature

```python
from src.hybrid_signature import hybrid_sign, hybrid_verify

message = b"Confidential data for RightsToSecure"

# Signing
hybrid_signature = hybrid_sign(message, ecdsa_private_key, dilithium_private_key)

# Verifying
valid = hybrid_verify(message, hybrid_signature, ecdsa_public_key, dilithium_public_key)
print("Signature valid:", valid)
```

---

## 📦 Output Format

- **Base64** encoding for ciphertexts and signatures
- **JSON** objects for hybrid signature structure
- Session keys returned as **raw 256-bit** key (SHAKE256)

---

## 🔧 Packaging and Deployment

- Can be published as a Python package:  
  `rights_to_secure_hybrid_crypto`
- Deployable as a REST API (FastAPI/Flask)
- Docker-compatible for SaaS deployments

---

## 🧪 Testing

### Run Tests

```bash
pytest /tests
```

### Test Coverage:
- RSA + Kyber key encapsulation/decapsulation
- ECDSA + Dilithium hybrid signing/verification
- Key mismatches and edge case validation

---

## 🧱 Roadmap

| Feature | Status |
|--------|--------|
| RSA + Kyber Hybrid KEM | ✅ Completed |
| ECDSA + Dilithium Hybrid Signature | ✅ Completed |
| Falcon Signature Support | 🔜 Planned |
| WASM Module for Web | 🔜 Planned |
| REST API as a Service | 🔜 Planned |
| TLS Handshake Integration | 🔜 Planned |

---

## ⚠️ Security Considerations

- Always use **cryptographically secure** random key generation.
- Use **SHAKE256** or **HKDF** for all KDF operations.
- Never store unencrypted private keys in memory/disk.
- Perform **regular audits** of custom crypto logic.
- Maintain **crypto-agility** to support algorithm replacement.

---

## 📜 License

MIT License (or custom enterprise license for SaaS deployments).  
Contact **RightsToSecure** for commercial use or security audits.

---

## 🧠 About RightsToSecure

**RightsToSecure** is a cybersecurity firm focused on building **quantum-resilient encryption tools** and **secure SaaS solutions** for modern and future internet infrastructure.

### 👨‍💼 Founder: Praveen Naidu

We are committed to helping companies transition to **quantum-safe** cryptography with minimal friction.

🌐 Website: [https://rightstosecure.com](https://rightstosecure.com) quantum proof cyrptoghraphy and secure application development (https://academy.rightstosecure.com) comprehensive real case based scenario based cyber security training 
📧 Email: `contact@arkaenterprises.com`
Phone : +1 314-624-8101

--- 
