@quantumsequrity/qnsqy-win32-x64 7.2.23 → 7.2.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/LICENSE +12 -9
  2. package/README.md +71 -10
  3. package/SECURITY.md +29 -0
  4. package/package.json +9 -3
  5. package/qnsqy.exe +0 -0
package/LICENSE CHANGED
@@ -1,12 +1,15 @@
1
- QNSQY is proprietary software. (c) 2026 Quantum Sequrity.
1
+ QNSQY PROPRIETARY LICENSE
2
2
 
3
- This package contains the prebuilt QNSQY binary for Windows x86_64, licensed
4
- under the QNSQY end-user license agreement, available at
5
- https://quantumsequrity.com/terms.
3
+ Copyright (c) 2026 Quantum Sequrity. All rights reserved.
6
4
 
7
- This package is published solely as an optional dependency of the `qnsqy`
8
- npm package, to deliver the platform-specific binary. Redistribution of the
9
- binary outside that channel, or modification to alter the shipped binary, is
10
- not permitted.
5
+ 1. This package contains the prebuilt QNSQY binary for Windows x86_64,
6
+ licensed under the QNSQY end-user license agreement:
7
+ https://quantumsequrity.com/terms
11
8
 
12
- Source-available for security audit on request: security@quantumsequrity.com.
9
+ 2. This package exists solely as an optional dependency of the qnsqy npm
10
+ package, to deliver the platform binary. You may use it only through
11
+ that channel, to install and run the official QNSQY binary. No other
12
+ rights are granted.
13
+
14
+ 3. Source access for security audit is available on request:
15
+ security@quantumsequrity.com
package/README.md CHANGED
@@ -10,8 +10,8 @@ FIPS 205 (SLH-DSA), hybridized with X25519, Ed25519, and AES-256-GCM.
10
10
  This package only carries the platform binary. It is pulled in
11
11
  automatically as an `optionalDependencies` entry of the main `qnsqy`
12
12
  package, so `npm` downloads only the binary that matches your platform
13
- (selected by the `os` / `cpu` fields). It contains **no install script and
14
- makes no network calls**.
13
+ (selected by the `os` / `cpu` fields). It contains **no install scripts
14
+ and makes no network calls** during installation.
15
15
 
16
16
  Install the main package instead:
17
17
 
@@ -20,28 +20,89 @@ npm install -g qnsqy
20
20
  qnsqy --help
21
21
  ```
22
22
 
23
- ## Integrity
23
+ ## What the binary does
24
24
 
25
- The main `qnsqy` package pins the SHA-256 of this binary and verifies it
26
- before every run, so a substituted or tampered binary is refused. The same
27
- bytes are published on the download page with SHA-256 checksums and an
28
- ML-DSA-87 (FIPS 204) signature logged to the Sigstore Rekor transparency
29
- log, and the binary self-verifies its embedded integrity hash at startup.
25
+ One executable, four run modes: command line (`qnsqy`), terminal UI
26
+ (`qnsqy --tui`), desktop GUI (`qnsqy --gui`), and an MCP server for AI
27
+ agents (`qnsqy --mcp`, 84 tools). Core operations:
30
28
 
31
- You can confirm the bytes match the official release:
29
+ - **Encrypt / decrypt** with hybrid post-quantum envelopes: ML-KEM
30
+ (512/768/1024) combined with X25519, sealed with AES-256-GCM or
31
+ XChaCha20-Poly1305, passwords stretched with Argon2id.
32
+ - **Sign / verify** with ML-DSA (44/65/87) combined with Ed25519, plus
33
+ SLH-DSA, FN-DSA, and LMS / HSS (SP 800-208) on higher tiers.
34
+ - **Hash / verify-integrity** with BLAKE3, SHA-2, and SHA-3.
35
+ - **Key tools**: keygen, key import/export, password vault,
36
+ multi-recipient encryption, M-of-N threshold encryption, Shamir secret
37
+ sharing, key escrow, time-lock encryption.
38
+ - **Migration**: scan data for legacy classical cryptography and
39
+ re-encrypt it under post-quantum algorithms.
40
+ - **Audit logging** with hash-chained entries and SIEM/CSV/JSON export.
41
+
42
+ All cryptographic operations run locally. Plaintext, passwords, and
43
+ private keys never leave the machine.
44
+
45
+ ## Integrity model (defense in depth)
46
+
47
+ 1. **npm shim pinning.** The main `qnsqy` package ships
48
+ `bin/integrity.json` with the SHA-256 of this binary. The shim
49
+ verifies the hash before every run and refuses to execute a
50
+ substituted or tampered binary.
51
+ 2. **Startup self-check.** The binary verifies its own embedded
52
+ integrity hash at startup.
53
+ 3. **Release manifest signature.** The same bytes are published on the
54
+ download page and listed in `checksums.txt`, which is signed with an
55
+ **ML-DSA-87 (FIPS 204, security category 5)** post-quantum signature
56
+ made with an offline release key. Verify with any QNSQY install:
57
+ `qnsqy verify-release checksums.txt checksums.txt.sig`
58
+ 4. **Sigstore transparency log.** The release manifest is additionally
59
+ signed keylessly from the public GitHub repository's CI identity and
60
+ recorded in the Sigstore Rekor transparency log, so the release
61
+ history is publicly auditable.
62
+
63
+ Manual hash check on Windows:
32
64
 
33
65
  ```
34
66
  certutil -hashfile node_modules\@quantumsequrity\qnsqy-win32-x64\qnsqy.exe SHA256
35
67
  :: Compare against the Windows checksum on https://quantumsequrity.com/download
36
68
  ```
37
69
 
70
+ ## Supported platforms
71
+
72
+ | Target | Status |
73
+ |--------|--------|
74
+ | Windows 10 1809+ x86_64 | supported (this package) |
75
+ | Windows 11 x86_64 | supported (this package) |
76
+ | Linux x86_64, glibc 2.35+ | use `@quantumsequrity/qnsqy-linux-x64` |
77
+ | macOS | in development |
78
+
79
+ ## Troubleshooting
80
+
81
+ - **"integrity mismatch" from the shim**: the binary on disk does not
82
+ match the pinned SHA-256. Reinstall with
83
+ `npm install -g qnsqy --force`. If it persists, treat it as a
84
+ security signal and compare hashes against the download page.
85
+ - **Endpoint policy blocks unsigned executables**: Authenticode EV code
86
+ signing is in progress; until then, verify the SHA-256 and the
87
+ ML-DSA-87 release signature as above, or use a policy exception pinned
88
+ to the published hash.
89
+ - **Running a pre-staged binary** (air-gapped or mirrored installs): set
90
+ `QNSQY_BINARY_PATH` to an absolute path and the shim will verify and
91
+ run that binary instead of the packaged one.
92
+ - **Version note**: the npm package version can be ahead of the binary's
93
+ self-reported `qnsqy version` when a release only changes packaging.
94
+ The binary version is authoritative for cryptographic behavior.
95
+
38
96
  ## Links
39
97
 
40
98
  - Homepage: https://quantumsequrity.com
41
- - Download page (checksums + PQ signatures): https://quantumsequrity.com/download
99
+ - Download page (checksums + post-quantum signatures): https://quantumsequrity.com/download
42
100
  - Documentation: https://quantumsequrity.com/docs.html
101
+ - Wrapper source: https://github.com/quantumsequrity/qnsqy
102
+ - Issues: https://github.com/quantumsequrity/qnsqy/issues
43
103
  - Security disclosure: security@quantumsequrity.com
44
104
 
45
105
  ## License
46
106
 
47
107
  Proprietary. (c) 2026 Quantum Sequrity. See the bundled `LICENSE`.
108
+ Source access for security audit is available on request.
package/SECURITY.md ADDED
@@ -0,0 +1,29 @@
1
+ # Security Policy
2
+
3
+ ## Supported Versions
4
+
5
+ We provide security updates for the latest stable release of QNSQY.
6
+
7
+ | Version | Supported |
8
+ | ------- | ------------------ |
9
+ | v7.2.x | :white_check_mark: |
10
+ | < v7.2 | :x: |
11
+
12
+ ## Reporting a Vulnerability
13
+
14
+ We take the security of QNSQY seriously. If you believe you have found a security vulnerability, please report it to us privately.
15
+
16
+ **Please do not open a public GitHub issue for security vulnerabilities.**
17
+
18
+ You can report vulnerabilities via:
19
+ - **Email:** security@quantumsequrity.com
20
+ - **Website:** https://quantumsequrity.com/contact
21
+
22
+ We will acknowledge receipt of your report within 48 hours and provide a timeline for remediation.
23
+
24
+ ## Our Security Model
25
+
26
+ QNSQY is built on NIST-standardized post-quantum algorithms (FIPS 203, 204, 205). Our security guarantees include:
27
+ - **Zero Telemetry:** Your data and keys never leave your machine.
28
+ - **Kernel Sandboxing:** (Linux only) Seccomp-BPF and Landlock enforced by default.
29
+ - **Memory Protection:** mlock(2) used to prevent secrets from being swapped to disk.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@quantumsequrity/qnsqy-win32-x64",
3
- "version": "7.2.23",
3
+ "version": "7.2.25",
4
4
  "description": "Prebuilt QNSQY binary for Windows x86_64. Installed automatically as an optional dependency of the `qnsqy` package. Do not install directly.",
5
5
  "keywords": [
6
6
  "qnsqy",
@@ -14,7 +14,12 @@
14
14
  "x64"
15
15
  ],
16
16
  "homepage": "https://quantumsequrity.com",
17
- "bugs": "https://quantumsequrity.com/contact",
17
+ "repository": {
18
+ "type": "git",
19
+ "url": "git+https://github.com/quantumsequrity/qnsqy.git",
20
+ "directory": "platform-packages/qnsqy-win32-x64"
21
+ },
22
+ "bugs": "https://github.com/quantumsequrity/qnsqy/issues",
18
23
  "license": "SEE LICENSE IN LICENSE",
19
24
  "author": "Quantum Sequrity",
20
25
  "os": [
@@ -31,6 +36,7 @@
31
36
  "access": "public"
32
37
  },
33
38
  "files": [
34
- "qnsqy.exe"
39
+ "qnsqy.exe",
40
+ "SECURITY.md"
35
41
  ]
36
42
  }
package/qnsqy.exe CHANGED
Binary file