# KeibiDrop -- Post-Quantum Encrypted P2P File Transfer

## What It Is

KeibiDrop lets you share files between any two devices over a direct, encrypted peer-to-peer connection. No cloud. No accounts. No servers touching your data.

## Why It Exists

Every file sharing service today requires you to upload your files to a server. That server can read your files, log your metadata, and be subpoenaed. Even "encrypted" services hold the keys.

KeibiDrop removes the server entirely. Files travel directly between your device and your peer. The only intermediary is a relay server that helps peers discover each other -- and it only sees encrypted blobs it cannot decrypt.

## Value Proposition

- **No accounts.** Your identity is an ephemeral cryptographic fingerprint generated on startup. No email, no password, no OAuth.
- **Ephemeral keys.** Keys rotate on every disconnect. Your fingerprint changes. Previous sessions cannot be linked to new ones.
- **Resume on download.** Large file transfers use chunk-based streaming with a bitmap tracker. Reconnect and continue where you left off.
- **Post-quantum encryption.** ML-KEM-1024 + X25519 hybrid key exchange. Defense in depth -- if either algorithm is broken, the other still protects you.
- **Forward secrecy.** Session keys rotate automatically after 1 GB of data or 1 million messages.
- **No telemetry.** Zero analytics, zero crash reports, zero phone-home.
- **Open source.** Mozilla Public License 2.0. Every line is auditable.

## Three Modes

KeibiDrop can be used in three ways:

1. **Desktop GUI** (Rust + Slint) -- Drag and drop, progress bars, native file dialogs
2. **Interactive CLI** (keibidrop-cli) -- Terminal REPL for developers
3. **Agent CLI** (kd) -- Non-interactive daemon with JSON output for AI agents and scripts

All three modes support FUSE (files appear as a virtual folder) and no-FUSE (CLI commands or drag-and-drop).

## How It Works

1. Start KeibiDrop on both devices. Each generates a cryptographic fingerprint.
2. Exchange fingerprints via any channel (Signal, Telegram, email).
3. One peer creates a room, the other joins. Direct IPv6 connection established.
4. Share files. With FUSE, files appear in a virtual folder. Without FUSE, use add/pull commands.
5. Disconnect when done. Keys rotate. Identity disappears.

## Technical Stack

- **Go 1.24** -- Networking, cryptography (crypto/mlkem stdlib), FUSE filesystem
- **Rust + Slint** -- Native cross-platform desktop UI, 20MB binary
- **gRPC + Protocol Buffers** -- Type-safe peer communication
- **ChaCha20-Poly1305** -- Authenticated encryption for all data
- **cgofuse** -- Cross-platform FUSE bindings (macOS, Linux, Windows)
- **IPv6 direct P2P** -- No STUN/TURN, no NAT traversal

## Related Pages

- [Quickstart Guide](keibidrop-quickstart.md) -- Build and run in 5 minutes
- [Agent CLI Guide](keibidrop-agent-guide.md) -- Full kd reference for AI agents
- [API Reference](keibidrop-api-reference.md) -- Commands, env vars, JSON output
- [Security Model](keibidrop-security.md) -- Cryptography and relay privacy
- [FUSE vs No-FUSE](keibidrop-fuse-vs-nofuse.md) -- Choosing the right mode
- [WAW Index](index.md) -- All pages

## Links

- GitHub: [github.com/KeibiSoft/KeibiDrop](https://github.com/KeibiSoft/KeibiDrop)
- Product Page: [keibisoft.com/tools/keibidrop.html](https://keibisoft.com/tools/keibidrop.html)
- Blog: [keibisoft.com/blog.html](https://keibisoft.com/blog.html)