keygen

Generate a post-quantum key pair.

Usage

shadowforge keygen --algorithm <ALGORITHM> --output <DIR>

Options

Option        Required   Description
--algorithm   Yes        kyber1024 (ML-KEM-1024) or dilithium3 (ML-DSA-87)
--output      Yes        Output directory for key files

Output

Creates two files in the output directory:

  • public.key — the public key (safe to share)
  • secret.key — the secret key (protect with your life)

Examples

# Generate encryption keys
shadowforge keygen --algorithm kyber1024 --output ./enc-keys

# Generate signing keys
shadowforge keygen --algorithm dilithium3 --output ./sign-keys

Security Notes

  • Secret keys are zeroed from memory on drop (ZeroizeOnDrop).
  • Store secret keys on encrypted storage. Consider amnesiac mode for key generation on sensitive systems.
  • ML-KEM-1024 provides NIST Level 5 security against quantum adversaries.
  • ML-DSA-87 provides NIST Level 5 signature security.
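
An added example, not part of shadowforge or its documentation: a POSIX shell check that a keygen output directory holds both documented files and that secret.key and the directory are readable by the owner only. The function names are hypothetical, and the page does not say whether keygen sets file modes itself, so the check assumes nothing beyond the file names public.key and secret.key.

```shell
#!/bin/sh
# Added example: audit a keygen output directory before the keys are used.
# Assumes only the documented file names; function names are hypothetical.

# Print the group/other permission bits of a path, e.g. "------" or "r--r--".
# Note: plain mode bits only; filesystem ACLs are not inspected here.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Return 0 if the directory passes every check, otherwise a distinct code.
check_keydir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for f in public.key secret.key; do
        [ -f "$dir/$f" ] || { echo "missing $f" >&2; return 3; }
    done
    # A symlinked secret key may live on storage you did not choose.
    [ ! -L "$dir/secret.key" ] || { echo "secret.key is a symlink" >&2; return 4; }
    [ -s "$dir/secret.key" ] || { echo "secret.key is empty" >&2; return 5; }
    [ "$(group_other_bits "$dir/secret.key")" = "------" ] || {
        echo "secret.key is accessible to group/other" >&2; return 6; }
    [ "$(group_other_bits "$dir")" = "------" ] || {
        echo "key directory is accessible to group/other" >&2; return 7; }
    return 0
}

# Restrict the directory and the secret key to the owner.
lock_keydir() {
    chmod 700 "$1" && chmod 600 "$1/secret.key"
}
```

Run `check_keydir ./enc-keys` after key generation; if it reports loose permissions, `lock_keydir ./enc-keys` tightens them and the check can be repeated.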