DEV Community

Muhammed Shafin P
Muhammed Shafin P

Posted on

Qeltrix V4: The AES256-GCM Evolution and Breaking Changes

#hejhdiss #python #filecontainer #qeltrix

A Major Cryptographic Upgrade for Modern Security Standards

Posted by Muhammed Shafin P (HejHdiss) | Qeltrix Project Lead

I'm excited to announce Qeltrix V4, a focused cryptographic upgrade that marks a significant milestone in the Qeltrix ecosystem. This release represents a deliberate break from backward compatibility in favor of adopting industry-standard, hardware-accelerated encryption that meets modern security requirements.

What's New in V4?

1. AES256-GCM as the Core Cipher

V4 makes a fundamental shift from ChaCha20-Poly1305 to AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode) as the sole bulk encryption algorithm.

Why AES256-GCM?

  • Industry Standard: Widely vetted, NIST-approved, and certified for government use
  • Hardware Acceleration: Native CPU support via AES-NI on modern processors delivers exceptional performance
  • Proven Security: Decades of cryptanalysis with no practical attacks on properly implemented AES-GCM
  • Compliance Ready: Meets regulatory requirements (FIPS 140-2, PCI DSS, HIPAA) 
# V4 uses AES256-GCM by default - no algorithm flag needed
python3 qltx.py -v 4 pack sensitive_data.db encrypted.qltx
Enter fullscreen mode Exit fullscreen mode

2. No Cross-Version Compatibility

Like V3 before it, V4 is not backward compatible with earlier versions.

What This Means:

  • qeltrix-4.py can only pack and unpack V4 format files
  • qeltrix-3.py can only pack and unpack V3 format files
  • V4 containers cannot be opened by V1/V2/V3 scripts
  • V3 containers cannot be opened by V1/V2/V4 scripts
  • The universal dispatcher (qltx.py) handles version routing automatically

Why No Backward Compatibility?

  • Clean Implementation: Each version focuses on its specific cryptographic approach
  • Security First: Ensures each version uses its intended encryption without legacy compromises
  • Simplified Codebase: Version-specific scripts are easier to audit and maintain

Migration Strategy:

The qltx.py dispatcher ensures smooth coexistence of all versions:

# Each version's files are handled by their respective backends
python3 qltx.py unpack old_v1_file.qltx output.dat    # Uses V1 backend
python3 qltx.py unpack old_v2_file.qltx output.dat    # Uses V2 backend
python3 qltx.py unpack old_v3_file.qltx output.dat    # Uses V3 backend

# New V4 files require explicit version flag
python3 qltx.py -v 4 pack newfile.dat v4_archive.qltx # Uses V4 backend
python3 qltx.py unpack v4_archive.qltx newfile.dat    # Auto-detects V4
Enter fullscreen mode Exit fullscreen mode

3. Retained V2 Performance Features

V4 maintains all the high-performance capabilities introduced in V2:

Feature Status Benefit
Parallel Unpacking ✓ Retained Multi-core decryption for fast extraction
Random Access (seek) ✓ Retained Read specific byte ranges without full decryption
Zstd Compression ✓ Retained Choose between LZ4 (speed) and Zstd (ratio)
Two-Pass & Single-Pass ✓ Retained Flexible key derivation modes 
# V4 with all performance features
python3 qltx.py -v 4 pack large_backup.iso archive.qltx \
  --compression zstd \
  --block-size 4194304 \
  --workers 16

# Fast random access in V4 files
python3 qltx.py seek archive.qltx 104857600 8192 --output section.bin
Enter fullscreen mode Exit fullscreen mode

4. Mandatory Explicit Version Selection

The dispatcher now requires the -v flag for packing operations to prevent accidental version mismatches:

# ❌ This will fail - no implicit version selection
python3 qltx.py pack file.dat output.qltx

# ✓ Correct - explicit version required
python3 qltx.py -v 4 pack file.dat output.qltx
python3 qltx.py -v 3 pack file.dat output.qltx --recipient-pub-key key.pem
python3 qltx.py -v 2 pack file.dat output.qltx --compression zstd
Enter fullscreen mode Exit fullscreen mode

Unpacking and seeking remain automatic:

# Dispatcher reads file header and routes to correct version
python3 qltx.py unpack any_version.qltx output.dat
python3 qltx.py seek any_version.qltx 1024 512
Enter fullscreen mode Exit fullscreen mode

What Was Removed in V4?

1. ChaCha20-Poly1305 Support

V4 does not support ChaCha20-Poly1305. If you need this cipher:

  • Use V3 with --algo chacha20
  • Consider migrating to V4 for hardware-accelerated performance

2. Multi-Algorithm Flag

The --algo argument is removed in V4 since there's only one cipher option.

3. Asymmetric Key Transport (V3-A Features)

V4 currently focuses on content-derived encryption only. Asymmetric features from V3 are not included:

  • No --recipient-pub-key support
  • No --signer-priv-key or metadata signing
  • No RSA-OAEP key transport

For asymmetric encryption, continue using V3:

# Still use V3 for asymmetric workflows
python3 qltx.py -v 3 pack secret.pdf encrypted.qltx \
  --recipient-pub-key recipient.pem \
  --signer-priv-key my_private.pem
Enter fullscreen mode Exit fullscreen mode

Note: Future versions may reintroduce asymmetric features with AES256-GCM. V4 establishes the cryptographic foundation first.

Complete V4 Usage Guide

Installation

Dependencies remain unchanged:

pip install lz4 cryptography zstandard
Enter fullscreen mode Exit fullscreen mode

Packing with V4 

# Basic V4 packing
python3 qltx.py -v 4 pack myfile.dat secure.qltx

# High-performance configuration
python3 qltx.py -v 4 pack database.sql backup.qltx \
  --compression zstd \
  --block-size 4194304 \
  --workers 12

# Fast single-pass mode (useful for large files where speed matters)
python3 qltx.py -v 4 pack bigvideo.mp4 video.qltx \
  --mode single_pass_firstN \
  --head-bytes 2097152
Enter fullscreen mode Exit fullscreen mode

Unpacking V4 Files 

# Basic unpacking (auto-detects V4)
python3 qltx.py unpack secure.qltx myfile.dat

# Parallel unpacking with integrity verification
python3 qltx.py unpack backup.qltx database.sql --workers 16

# Fast unpacking (skip checksum verification)
python3 qltx.py unpack video.qltx bigvideo.mp4 --no-verify
Enter fullscreen mode Exit fullscreen mode

Random Access (Seek) 

# Extract 1MB starting at 50MB offset
python3 qltx.py seek archive.qltx 52428800 1048576 --output extract.bin

# Parallel seek for faster decompression
python3 qltx.py seek backup.qltx 10485760 4096 --workers 8
Enter fullscreen mode Exit fullscreen mode

Version Compatibility Matrix

Feature V1 V2 V3 V4
ChaCha20-Poly1305
AES256-GCM
Content-Derived Keys
Parallel Pack/Unpack
Random Access (seek)
Zstd Compression
Asymmetric Keys (RSA)
Metadata Signing
Backward Compatible N/A

Performance: V3 vs V4

Benchmark on an 8-core Intel i7 with AES-NI (1GB test file, Zstd compression):

Operation V3 (ChaCha20) V3 (AES256) V4 (AES256)
Pack ~45s ~42s ~41s
Unpack ~18s ~16s ~15s
Seek (4KB) ~0.2s ~0.18s ~0.17s

Results are illustrative. Performance varies with hardware and file characteristics.

Key Takeaway: V4 delivers the best performance on modern hardware with AES-NI support, while maintaining V2's parallel processing advantages.

Security Considerations

V4 Cryptographic Stack 

┌─────────────────────────────────────────┐
│  Key Derivation: HKDF-SHA256            │
│  └─ Info: KEY_INFO_V4 (version-specific)│
├─────────────────────────────────────────┤
│  Bulk Encryption: AES-256-GCM           │
│  └─ 256-bit keys, 96-bit nonces         │
├─────────────────────────────────────────┤
│  Per-Block Authentication: GCM Tags     │
│  └─ 128-bit authentication tags         │
├─────────────────────────────────────────┤
│  Global Integrity: SHA256 checksum      │
│  └─ Full ciphertext verification        │
└─────────────────────────────────────────┘
Enter fullscreen mode Exit fullscreen mode

Content-Derived Key Modes

Two-Pass (Default - Highest Security):

  • Derives key from SHA256 hash of entire compressed stream
  • Requires two passes over data and temporary storage
  • Best for: Maximum security, archival use

Single-Pass-FirstN (Speed-Optimized):

  • Derives key from hash of first N raw bytes
  • Single pass, bounded memory usage
  • Best for: Large files where beginning is unique, performance-critical scenarios

Proof-of-Concept Disclaimer

Qeltrix V4 remains a Proof-of-Concept:

  • Built on industry-standard cryptography via the cryptography library
  • No formal security audit has been conducted
  • You are responsible for key management and secure usage
  • Evaluate whether Qeltrix meets your specific threat model

Migration Guide

From V1/V2 to V4 

# 1. Unpack existing file (dispatcher handles V1/V2 automatically)
python3 qltx.py unpack old_v2_file.qltx original_data.bin

# 2. Repack with V4
python3 qltx.py -v 4 pack original_data.bin new_v4_file.qltx
Enter fullscreen mode Exit fullscreen mode

From V3 to V4

If using content-derived keys (non-asymmetric V3):

# Similar process as V1/V2
python3 qltx.py unpack v3_content_derived.qltx data.bin
python3 qltx.py -v 4 pack data.bin v4_version.qltx
Enter fullscreen mode Exit fullscreen mode

If using asymmetric V3-A:

V4 does not support asymmetric features. Continue using V3 for these workflows, or implement external key management:

# Option 1: Keep V3 for asymmetric needs
python3 qltx.py -v 3 pack sensitive.doc encrypted.qltx \
  --recipient-pub-key recipient.pem

# Option 2: Use V4 with external key exchange
# (Manage key sharing through separate channels)
python3 qltx.py -v 4 pack sensitive.doc encrypted.qltx
Enter fullscreen mode Exit fullscreen mode

Real-World Use Cases for V4

1. Compliance-Required Archival

Organizations needing FIPS 140-2 compliant encryption:

# AES-256 meets regulatory requirements
python3 qltx.py -v 4 pack patient_records.db hipaa_archive.qltx \
  --compression zstd \
  --block-size 2097152
Enter fullscreen mode Exit fullscreen mode

2. High-Performance Backup Systems

Data centers with AES-NI capable hardware:

# Hardware-accelerated encryption for fast backups
python3 qltx.py -v 4 pack /data/production.tar daily_backup.qltx \
  --workers 32 \
  --compression zstd
Enter fullscreen mode Exit fullscreen mode

3. Selective Data Extraction

Quickly retrieve specific sections from large encrypted archives:

# Extract log segment without unpacking entire 10GB file
python3 qltx.py seek large_logs.qltx 5368709120 1048576 \
  --output critical_period.log
Enter fullscreen mode Exit fullscreen mode

Testing V4

Run the comprehensive V4 test suite:

```bashA Major Cryptographic Upgrade for Modern Security Standards

Posted by Muhammed Shafin P (HejHdiss) | Qeltrix Project Lead

I’m excited to announce Qeltrix V4, a focused cryptographic upgrade that marks a significant milestone in the Qeltrix ecosystem. This release represents a deliberate break from backward compatibility in favor of adopting industry-standard, hardware-accelerated encryption that meets modern security requirements.

What’s New in V4?

  1. AES256-GCM as the Core Cipher V4 makes a fundamental shift from ChaCha20-Poly1305 to AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode) as the sole bulk encryption algorithm.

Why AES256-GCM?

Industry Standard: Widely vetted, NIST-approved, and certified for government use
Hardware Acceleration: Native CPU support via AES-NI on modern processors delivers exceptional performance
Proven Security: Decades of cryptanalysis with no practical attacks on properly implemented AES-GCM
Compliance Ready: Meets regulatory requirements (FIPS 140–2, PCI DSS, HIPAA)

V4 uses AES256-GCM by default - no algorithm flag needed

python3 qltx.py -v 4 pack sensitive_data.db encrypted.qltx
Auto (Perl)

  1. No Cross-Version Compatibility Like V3 before it, V4 is not backward compatible with earlier versions.

What This Means:

qeltrix-4.py can only pack and unpack V4 format files
qeltrix-3.py can only pack and unpack V3 format files
V4 containers cannot be opened by V1/V2/V3 scripts
V3 containers cannot be opened by V1/V2/V4 scripts
The universal dispatcher (qltx.py) handles version routing automatically
Why No Backward Compatibility?

Clean Implementation: Each version focuses on its specific cryptographic approach
Security First: Ensures each version uses its intended encryption without legacy compromises
Simplified Codebase: Version-specific scripts are easier to audit and maintain
Migration Strategy:

The qltx.py dispatcher ensures smooth coexistence of all versions:

Each version's files are handled by their respective backends

python3 qltx.py unpack old_v1_file.qltx output.dat # Uses V1 backend
python3 qltx.py unpack old_v2_file.qltx output.dat # Uses V2 backend
python3 qltx.py unpack old_v3_file.qltx output.dat # Uses V3 backend
Auto (Perl)

New V4 files require explicit version flag

python3 qltx.py -v 4 pack newfile.dat v4_archive.qltx # Uses V4 backend
python3 qltx.py unpack v4_archive.qltx newfile.dat # Auto-detects V4

  1. Retained V2 Performance Features V4 maintains all the high-performance capabilities introduced in V2:

FeatureStatusBenefitParallel Unpacking✓ RetainedMulti-core decryption for fast extractionRandom Access (seek)✓ RetainedRead specific byte ranges without full decryptionZstd Compression✓ RetainedChoose between LZ4 (speed) and Zstd (ratio)Two-Pass & Single-Pass✓ RetainedFlexible key derivation modes

V4 with all performance features

python3 qltx.py -v 4 pack large_backup.iso archive.qltx \
--compression zstd \
--block-size 4194304 \
--workers 16
Auto (SQL)

Fast random access in V4 files

python3 qltx.py seek archive.qltx 104857600 8192 --output section.bin

  1. Mandatory Explicit Version Selection The dispatcher now requires the -v flag for packing operations to prevent accidental version mismatches:

❌ This will fail - no implicit version selection

python3 qltx.py pack file.dat output.qltx
Auto (Perl)

✓ Correct - explicit version required

python3 qltx.py -v 4 pack file.dat output.qltx
python3 qltx.py -v 3 pack file.dat output.qltx --recipient-pub-key key.pem
python3 qltx.py -v 2 pack file.dat output.qltx --compression zstd
Unpacking and seeking remain automatic:

Dispatcher reads file header and routes to correct version

python3 qltx.py unpack any_version.qltx output.dat
python3 qltx.py seek any_version.qltx 1024 512
Auto (Perl)
What Was Removed in V4?

  1. ChaCha20-Poly1305 Support V4 does not support ChaCha20-Poly1305. If you need this cipher:

Use V3 with --algo chacha20
Consider migrating to V4 for hardware-accelerated performance

  1. Multi-Algorithm Flag
    The --algo argument is removed in V4 since there's only one cipher option.

  2. Asymmetric Key Transport (V3-A Features)
    V4 currently focuses on content-derived encryption only. Asymmetric features from V3 are not included:

No --recipient-pub-key support
No --signer-priv-key or metadata signing
No RSA-OAEP key transport
For asymmetric encryption, continue using V3:

Still use V3 for asymmetric workflows

python3 qltx.py -v 3 pack secret.pdf encrypted.qltx \
--recipient-pub-key recipient.pem \
--signer-priv-key my_private.pem
Auto (Rust)
Note: Future versions may reintroduce asymmetric features with AES256-GCM. V4 establishes the cryptographic foundation first.

Complete V4 Usage Guide
Installation
Dependencies remain unchanged:

pip install lz4 cryptography zstandard
Auto (TypeScript)
Packing with V4

Basic V4 packing

python3 qltx.py -v 4 pack myfile.dat secure.qltx
Auto (Perl)

High-performance configuration

python3 qltx.py -v 4 pack database.sql backup.qltx \
--compression zstd \
--block-size 4194304 \
--workers 12

Fast single-pass mode (useful for large files where speed matters)

python3 qltx.py -v 4 pack bigvideo.mp4 video.qltx \
--mode single_pass_firstN \
--head-bytes 2097152
Unpacking V4 Files

Basic unpacking (auto-detects V4)

python3 qltx.py unpack secure.qltx myfile.dat
Auto (Perl)

Parallel unpacking with integrity verification

python3 qltx.py unpack backup.qltx database.sql --workers 16

Fast unpacking (skip checksum verification)

python3 qltx.py unpack video.qltx bigvideo.mp4 --no-verify
Random Access (Seek)

Extract 1MB starting at 50MB offset

python3 qltx.py seek archive.qltx 52428800 1048576 --output extract.bin
Auto (SQL)

Parallel seek for faster decompression

python3 qltx.py seek backup.qltx 10485760 4096 --workers 8
Version Compatibility Matrix
FeatureV1V2V3V4ChaCha20-Poly1305✓✓✓✗AES256-GCM✗✗✓✓Content-Derived Keys✓✓✓✓Parallel Pack/Unpack✓✓✓✓Random Access (seek)✗✓✓✓Zstd Compression✗✓✓✓Asymmetric Keys (RSA)✗✗✓✗Metadata Signing✗✗✓✗Backward CompatibleN/A✓✓✗

Performance: V3 vs V4
Benchmark on an 8-core Intel i7 with AES-NI (1GB test file, Zstd compression):

OperationV3 (ChaCha20)V3 (AES256)V4 (AES256)Pack~45s~42s~41sUnpack~18s~16s~15sSeek (4KB)~0.2s~0.18s~0.17s

Results are illustrative. Performance varies with hardware and file characteristics.

Key Takeaway: V4 delivers the best performance on modern hardware with AES-NI support, while maintaining V2’s parallel processing advantages.

Security Considerations
V4 Cryptographic Stack
┌─────────────────────────────────────────┐
│ Key Derivation: HKDF-SHA256 │
│ └─ Info: KEY_INFO_V4 (version-specific)│
├─────────────────────────────────────────┤
│ Bulk Encryption: AES-256-GCM │
│ └─ 256-bit keys, 96-bit nonces │
├─────────────────────────────────────────┤
│ Per-Block Authentication: GCM Tags │
│ └─ 128-bit authentication tags │
├─────────────────────────────────────────┤
│ Global Integrity: SHA256 checksum │
│ └─ Full ciphertext verification │
└─────────────────────────────────────────┘
Auto (YAML)
Content-Derived Key Modes
Two-Pass (Default — Highest Security):

Derives key from SHA256 hash of entire compressed stream
Requires two passes over data and temporary storage
Best for: Maximum security, archival use
Single-Pass-FirstN (Speed-Optimized):

Derives key from hash of first N raw bytes
Single pass, bounded memory usage
Best for: Large files where beginning is unique, performance-critical scenarios
Proof-of-Concept Disclaimer
Qeltrix V4 remains a Proof-of-Concept:

Built on industry-standard cryptography via the cryptography library
No formal security audit has been conducted
You are responsible for key management and secure usage
Evaluate whether Qeltrix meets your specific threat model
Migration Guide
From V1/V2 to V4

1. Unpack existing file (dispatcher handles V1/V2 automatically)

python3 qltx.py unpack old_v2_file.qltx original_data.bin
Auto (Perl)

2. Repack with V4

python3 qltx.py -v 4 pack original_data.bin new_v4_file.qltx
From V3 to V4
If using content-derived keys (non-asymmetric V3):

Similar process as V1/V2

python3 qltx.py unpack v3_content_derived.qltx data.bin
python3 qltx.py -v 4 pack data.bin v4_version.qltx
Auto (Kotlin)
If using asymmetric V3-A:

V4 does not support asymmetric features. Continue using V3 for these workflows, or implement external key management:

Option 1: Keep V3 for asymmetric needs

python3 qltx.py -v 3 pack sensitive.doc encrypted.qltx \
--recipient-pub-key recipient.pem
Auto (Perl)

Option 2: Use V4 with external key exchange

(Manage key sharing through separate channels)

python3 qltx.py -v 4 pack sensitive.doc encrypted.qltx
Real-World Use Cases for V4

  1. Compliance-Required Archival Organizations needing FIPS 140–2 compliant encryption:

AES-256 meets regulatory requirements

python3 qltx.py -v 4 pack patient_records.db hipaa_archive.qltx \
--compression zstd \
--block-size 2097152
Auto (CSS)

  1. High-Performance Backup Systems Data centers with AES-NI capable hardware:

Hardware-accelerated encryption for fast backups

python3 qltx.py -v 4 pack /data/production.tar daily_backup.qltx \
--workers 32 \
--compression zstd
Auto (Bash)

  1. Selective Data Extraction Quickly retrieve specific sections from large encrypted archives:

Extract log segment without unpacking entire 10GB file

python3 qltx.py seek large_logs.qltx 5368709120 1048576 \
--output critical_period.log
Auto (Perl)
Testing V4
Run the comprehensive V4 test suite:

python3 test-4.py
Auto (TypeScript)
The test suite verifies:

AES256-GCM encryption/decryption
Two-pass and single-pass key derivation
Parallel unpacking performance
Random access (seek) functionality
Compression algorithms (LZ4, Zstd)
Integrity verification
Community-Driven Development
Qeltrix is an open-source, community-driven project. The original author does not guarantee regular updates or maintenance. Future development depends entirely on community interest and contributions.

This is where YOU come in:

If Qeltrix solves a problem for you or inspires new ideas, consider:

Forking and Extending: Add features that fit your use case
Contributing Back: Submit pull requests for improvements
Building Tools: Create GUI applications, language bindings, or integration libraries
Sharing Knowledge: Write tutorials, security analyses, or implementation guides
Taking Ownership: If you’re passionate about this project, you can become a maintainer
The concept and codebase are openly licensed (CC BY-SA 4.0 for concept, GPLv3 for code) specifically to enable the community to take Qeltrix in new directions. Whether that’s adding asymmetric features to V4, creating specialized versions for specific industries, or building entirely new architectures — the foundation is here for you to build upon.

Qeltrix’s future is in your hands.

Common Questions and Clarifications
Q: Why remove ChaCha20-Poly1305?
A: V4 focuses on a single, standards-compliant cipher to simplify the codebase and ensure consistent security properties. ChaCha20 remains available in V3.

Q: Can I still use V3 for asymmetric encryption?
A: Yes! The dispatcher ensures V3 continues to work perfectly. Use python3 qltx.py -v 3 pack ... for asymmetric workflows.

Q: Will my old files stop working?
A: No. The dispatcher automatically handles V1/V2/V3 files. Only new V4 files require V4-compatible tools.

Q: Is V4 production-ready?
A: V4 uses battle-tested cryptography, but Qeltrix remains a PoC without formal audit. Evaluate based on your security requirements.

Q: How do I choose between versions?

V1: Basic use, simplest implementation
V2: Need speed (parallel ops, seek) with content-derived keys
V3: Require asymmetric encryption, signing, or algorithm choice
V4: Want modern standards (AES256), compliance, best hardware performance
Get Qeltrix V4
GitHub Repository: https://github.com/hejhdiss/Qeltrix

The repository includes:

qeltrix.py - V1 implementation
qeltrix-2.py - V2 implementation
qeltrix-3.py - V3 implementation
qeltrix-4.py - V4 implementation (NEW)
qltx.py - Universal dispatcher with mandatory -v flag
Complete documentation and test suites
qeltrix-pypi folder with package documentation
Licensing
Dual License Model:

Code (GPLv3): All Python implementations are free to use, modify, and distribute under GNU General Public License v3
Concept (CC BY-SA 4.0): The underlying cryptographic approach and file format design require attribution for derivative works
Final Thoughts
Qeltrix V4 is a Proof-of-Concept demonstrating content-derived encryption with modern cryptographic standards. While built on robust primitives from the cryptography library (AES-256-GCM, HKDF-SHA256), this project:

Has not undergone professional security auditing
Requires your own security evaluation for production use
Depends on proper key management practices by the user
Is provided as-is without warranty or guaranteed maintenance
Development Status:
The author does not commit to regular updates. This is an open-source project meant to inspire and serve as a foundation. If you find value in Qeltrix, the code and concept are yours to maintain, extend, and improve.

Use Responsibly:
Evaluate whether Qeltrix meets your specific threat model and compliance requirements. Consider consulting security professionals before deploying in critical environments.

The universal dispatcher ensures existing workflows continue uninterrupted while V4 provides a modern cryptographic option for those who need it.

Qeltrix is yours to build upon. Fork it. Extend it. Make it fit your needs.

Qeltrix (.qltx) — Content-Derived Encryption, Evolved Again
Copyright © 2025 HejHdiss (Muhammed Shafin P)
Code: GPLv3 | Concept: CC BY-SA 4.0 International

For questions, contributions, or feedback:
GitHub: https://github.com/hejhdiss/Qeltrix

Special thanks to the cryptography and security communities for their continued guidance and the contributors who make Qeltrix possible.
python3 test-4.py




The test suite verifies:
- AES256-GCM encryption/decryption
- Two-pass and single-pass key derivation
- Parallel unpacking performance
- Random access (seek) functionality
- Compression algorithms (LZ4, Zstd)
- Integrity verification

## Community-Driven Development

Qeltrix is an **open-source, community-driven project**. The original author does not guarantee regular updates or maintenance. Future development depends entirely on community interest and contributions.

**This is where YOU come in:**

If Qeltrix solves a problem for you or inspires new ideas, consider:

- **Forking and Extending**: Add features that fit your use case
- **Contributing Back**: Submit pull requests for improvements
- **Building Tools**: Create GUI applications, language bindings, or integration libraries
- **Sharing Knowledge**: Write tutorials, security analyses, or implementation guides
- **Taking Ownership**: If you're passionate about this project, you can become a maintainer

The concept and codebase are openly licensed (CC BY-SA 4.0 for concept, GPLv3 for code) specifically to enable the community to take Qeltrix in new directions. Whether that's adding asymmetric features to V4, creating specialized versions for specific industries, or building entirely new architectures—the foundation is here for you to build upon.

**Qeltrix's future is in your hands.**

## Common Questions and Clarifications

**Q: Why remove ChaCha20-Poly1305?**  
A: V4 focuses on a single, standards-compliant cipher to simplify the codebase and ensure consistent security properties. ChaCha20 remains available in V3.

**Q: Can I still use V3 for asymmetric encryption?**  
A: Yes! The dispatcher ensures V3 continues to work perfectly. Use `python3 qltx.py -v 3 pack ...` for asymmetric workflows.

**Q: Will my old files stop working?**  
A: No. The dispatcher automatically handles V1/V2/V3 files. Only new V4 files require V4-compatible tools.

**Q: Is V4 production-ready?**  
A: V4 uses battle-tested cryptography, but Qeltrix remains a PoC without formal audit. Evaluate based on your security requirements.

**Q: How do I choose between versions?**

- **V1**: Basic use, simplest implementation
- **V2**: Need speed (parallel ops, seek) with content-derived keys
- **V3**: Require asymmetric encryption, signing, or algorithm choice
- **V4**: Want modern standards (AES256), compliance, best hardware performance

## Get Qeltrix V4

**GitHub Repository**: [https://github.com/hejhdiss/Qeltrix](https://github.com/hejhdiss/Qeltrix)

The repository includes:
- `qeltrix.py` - V1 implementation
- `qeltrix-2.py` - V2 implementation
- `qeltrix-3.py` - V3 implementation
- `qeltrix-4.py` - **V4 implementation (NEW)**
- `qltx.py` - Universal dispatcher with mandatory `-v` flag
- Complete documentation and test suites
- `qeltrix-pypi` folder with package documentation

## Licensing

**Dual License Model:**

- **Code (GPLv3)**: All Python implementations are free to use, modify, and distribute under GNU General Public License v3
- **Concept (CC BY-SA 4.0)**: The underlying cryptographic approach and file format design require attribution for derivative works

## Final Thoughts

Qeltrix V4 is a **Proof-of-Concept** demonstrating content-derived encryption with modern cryptographic standards. While built on robust primitives from the `cryptography` library (AES-256-GCM, HKDF-SHA256), this project:

- Has **not undergone professional security auditing**
- Requires **your own security evaluation** for production use
- Depends on **proper key management** practices by the user
- Is provided **as-is** without warranty or guaranteed maintenance

**Development Status:**  
The author does not commit to regular updates. This is an open-source project meant to inspire and serve as a foundation. If you find value in Qeltrix, the code and concept are yours to maintain, extend, and improve.

**Use Responsibly:**  
Evaluate whether Qeltrix meets your specific threat model and compliance requirements. Consider consulting security professionals before deploying in critical environments.

The universal dispatcher ensures existing workflows continue uninterrupted while V4 provides a modern cryptographic option for those who need it.

**Qeltrix is yours to build upon.** Fork it. Extend it. Make it fit your needs.

---

**Qeltrix (.qltx) - Content-Derived Encryption, Evolved Again**  
Copyright © 2025 HejHdiss (Muhammed Shafin P)  
Code: GPLv3 | Concept: CC BY-SA 4.0 International

For questions, contributions, or feedback:  
**GitHub**: [https://github.com/hejhdiss/Qeltrix](https://github.com/hejhdiss/Qeltrix)

---

*Special thanks to the cryptography and security communities for their continued guidance and the contributors(supporters) who make Qeltrix possible.*
Enter fullscreen mode Exit fullscreen mode

Top comments (0)