Metadata-Version: 2.4
Name: ekee
Version: 1.0.2
Summary: EKEE — Encrypted Key Encrypted Extended. Double-layer encryption: RSA-4096 + double AES-256-GCM with passphrase-locked private keys.
License: MIT
Keywords: encryption,cryptography,security,rsa,aes,ekee
Requires-Python: >=3.10
Description-Content-Type: text/markdown
Requires-Dist: cryptography>=41.0
Requires-Dist: sympy>=1.12

# EKEE — Encrypted Key Encrypted Extended

> **Double-layer encryption built on RSA-4096 + double AES-256-GCM with passphrase-locked private keys.**

---

## What is EKEE?

EKEE is a custom encryption system that stacks two independent layers of protection:

```
Your message
    └─► EKEE-Sym: AES-256-GCM pass 1 → mixing layer → AES-256-GCM pass 2
            └─► Ciphertext

Session key (random, 512-bit)
    └─► EKEE-Asym: RSA-4096
            └─► Encrypted session key

Private key (on disk)
    └─► EKEE-Sym: locked with keys derived from your passphrase
            └─► .priv file  ← useless without your passphrase
```

| Layer | What it does | Strength |
|-------|-------------|---------|
| **EKEE-Asym** | RSA-4096 encrypts the session key | 2× standard RSA-2048 |
| **EKEE-Sym** | Double AES-256-GCM + mixing encrypts the message | Two independent 256-bit keys |
| **EKEE-Wrap** | Private key encrypted before saving to disk | Stolen `.priv` = useless without passphrase |
| **EKEE-KDF** | SHA3-512 / BLAKE2b chain derives keys from passphrase | 300 000 iterations |

---

## Installation

### Requires Python 3.10+

```bash
pip install ekee
```

Or install from source:

```bash
(coming soon)
```

### Windows (PowerShell)

```powershell
pip install ekee
```

If `pip` is not on your PATH:

```powershell
python -m pip install ekee
```

---

## Quick Start — Python API

```python
from ekee import EKEE

ekee = EKEE()

# ── 1. Generate keys ────────────────────────────────────────────
ekee.generate_keys(passphrase="my_strong_passphrase")
ekee.save_keys("alice")
# Creates: alice.pub  (share this)
#          alice.priv (keep this secret — it's passphrase-locked)

# ── 2. Encrypt ──────────────────────────────────────────────────
ciphertext = ekee.encrypt(b"Top secret message", pub_key_path="alice.pub")

# ── 3. Decrypt ──────────────────────────────────────────────────
plaintext = ekee.decrypt(
    ciphertext,
    priv_key_path="alice.priv",
    passphrase="my_strong_passphrase"
)
print(plaintext)  # b"Top secret message"

# ── Encrypt / decrypt files ─────────────────────────────────────
ekee.encrypt_file("secret.pdf", "secret.pdf.ekee", "alice.pub")
ekee.decrypt_file("secret.pdf.ekee", "recovered.pdf", "alice.priv", "my_strong_passphrase")

# ── Public key fingerprint ──────────────────────────────────────
print(ekee.fingerprint("alice.pub"))
# e.g. bba5:2752:7339:f737:7e87:aa3b:b6df:3123
```

---

## Quick Start — Command Line

After installing, the `ekee` command is available in your terminal.

```bash
# Generate keys
ekee generate alice --passphrase "my_strong_passphrase"

# Encrypt a file
ekee encrypt secret.pdf --pubkey alice.pub

# Decrypt a file
ekee decrypt secret.pdf.ekee --privkey alice.priv --passphrase "my_strong_passphrase"

# Check a public key fingerprint
ekee fingerprint alice.pub
```

---

## File Format

| File | Contents | Share? |
|------|----------|--------|
| `alice.pub` | RSA-4096 public key (PEM) | ✅ Yes — send to anyone |
| `alice.priv` | Private key encrypted with EKEE-Sym | ❌ No — keep private |
| `*.ekee` | Encrypted ciphertext | ✅ Safe to send |

---

## Design Details

### EKEE-Sym (Symmetric Layer)
- **Pass 1:** AES-256-GCM encrypts the plaintext with `key1` and `nonce1`
- **Mix:** The intermediate ciphertext is XOR'd with a keystream derived from `key2 + nonce1 + nonce2` via SHA3-512 — this spreads entropy across the entire block before the second pass
- **Pass 2:** AES-256-GCM encrypts the mixed output with `key2` and `nonce2`

### EKEE-Asym (Asymmetric Layer)
- RSA-4096 with OAEP/SHA-512 padding
- Used only to encrypt the 512-bit random session key (never the message directly)
- The session key is destroyed after each operation — forward secrecy per message

### EKEE-KDF (Key Derivation)
- Alternates between SHA3-512 and BLAKE2b-512 for 300 000 rounds
- Produces two independent 256-bit keys from the passphrase + random salt
- The salt is stored in the `.priv` file — unique per keypair

---

## Requirements

- Python 3.10+
- `cryptography >= 41.0`
- `sympy >= 1.12`

---
## Quick Legal Disclaimer
This tool is NOT Intended for illigal use, it is intended for research projects, it can also be used to encrypt messages or for fun projects, NOT for ransomware or other illigal tools,
Full Legal disclaimer in DISCLAIMER.txt!

(I am NOT liable for any illigal missuse of my product!)

## Note from me!
Thanks for using or planning to use my Libary, and i hope you have much success in your project!
Donate here! (BTC)
bc1qxh44aw4hkh5uart90dp958229vuquvhkd44fx0
(donations would be appreciated!)

## License

MIT — do whatever you want with it.

