Archive Format

Understand the .avk container structure, required members, optional PQC member, file and folder support, inspection hints, and validation behavior.

An Avikal archive is a ZIP-based .avk container with required and optional members. The format separates metadata and access material from the encrypted payload.

This separation supports archive inspection, preview workflows, and supported credential rotation without treating the archive as one opaque blob.

Required Members

Every valid .avk archive requires:

  • keychain.pgn
  • payload.enc

keychain.pgn is the metadata carrier. It contains the Avikal chess record and access-related material.

payload.enc contains the encrypted payload bytes for the archived files.

Optional Members

Embedded PQC mode adds:

  • pqc.enc

This member is used when the PQC bundle is stored inside the .avk archive instead of being stored separately as an external .avkkey file.

Multi-File Support

Avikal supports archives containing multiple files and folders. Folder structure is preserved, and selected nested items can be excluded before encoding.

The Encode staging list is designed to support large sets by letting users search, select, remove, and exclude nested items before archive creation.

Single-File Support

Single-file archives can be encoded, decoded, previewed, saved, and rekeyed when eligible.

Eligibility for rekey still depends on the archive protection mode. For example, normal password and keyphrase archives are in scope, while TimeCapsule and PQC-protected archives are not currently rekeyed.

Archive Inspection

Decode and Rekey use archive inspection to read safe public hints without fully unlocking the archive.

These hints can tell the UI whether password, keyphrase, PQC, embedded PQC, external .avkkey, or TimeCapsule release fields are relevant.

Container Validation

The backend validates container structure and rejects malformed archives, missing required members, duplicate members, unexpected entries, and other unsafe layout problems.

Validation is part of file safety. It helps prevent the app from treating malformed or unsafe container layouts as valid Avikal archives.
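
The layout checks listed above can be sketched as an allowlist over the ZIP member names. This is an added example, not Avikal's backend code: the function names and error strings are hypothetical, it assumes the members sit at the archive root under exactly the names this page gives, and it covers only the structural conditions named here, not payload or metadata contents.

```python
import io
import warnings
import zipfile
from collections import Counter

REQUIRED = {"keychain.pgn", "payload.enc"}  # required members named on this page
OPTIONAL = {"pqc.enc"}                      # present only in embedded PQC mode
ALLOWED = REQUIRED | OPTIONAL


def validate_avk_layout(data: bytes) -> list[str]:
    """Return layout problems found in a candidate .avk; empty list means none."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a readable ZIP container"]
    with zf:
        # Count raw central-directory names; zipfile keeps duplicates in infolist().
        counts = Counter(info.filename for info in zf.infolist())
    problems = []
    for name, n in sorted(counts.items()):
        if name not in ALLOWED:
            # Exact-match allowlist (assumption: members sit at the archive root),
            # so nested paths and "../" names are rejected without special cases.
            problems.append(f"unexpected entry: {name}")
        elif n > 1:
            problems.append(f"duplicate member: {name}")
    for name in sorted(REQUIRED - set(counts)):
        problems.append(f"missing required member: {name}")
    return problems


def build_sample(members) -> bytes:
    """Build an in-memory ZIP from (name, bytes) pairs; constructed test data only."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns when writing duplicate names
        with zipfile.ZipFile(buf, "w") as zf:
            for name, body in members:
                zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    ok = build_sample([("keychain.pgn", b"k"), ("payload.enc", b"p")])
    dup = build_sample([("keychain.pgn", b"k"), ("payload.enc", b"p"), ("payload.enc", b"q")])
    print(validate_avk_layout(ok), validate_avk_layout(dup))
```

Checking names before reading any member matters because ZIP readers differ on which copy of a duplicated name they return, so a duplicate must be rejected rather than resolved.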

Relationship To ZIP

The .avk container is ZIP-based, but it should not be treated like a normal user-facing ZIP workflow. Users should use Avikal's Decode and preview actions instead of manually modifying archive internals.