Start Here01

Overview

Understand what Avikal is, what problems it is designed for, and how the desktop app, archive format, secrets, TimeCapsule release, and local runtime fit together.

Avikal is an India-built secure archive system for files that should be handled with more care than ordinary attachments or generic compressed folders. Users choose files or folders, place them into an Avikal archive, and protect that archive with the available secret and release controls.

The desktop app presents Avikal through visible workflows: Encode, Decode, Rekey, Time-Capsule, and Settings. These pages are intended to keep daily use understandable while the archive format carries the lower-level details: encrypted payload data, chess-based metadata records, password or keyphrase protection, optional post-quantum protection, and optional time-based release.

The user remains responsible for the secrets and files needed to unlock an archive. If a password, keyphrase, or required keyfile is lost, the archive may be permanently inaccessible.

What Avikal Is For

Avikal is built for private file custody, controlled release, backup, research, and archival workflows where the user wants a local archive format with explicit protection choices.

Typical uses described by the product include:

  • preserving important personal or institutional files
  • sealing submissions or records that should not open immediately
  • creating archives with password or keyphrase protection
  • using TimeCapsule release for future unlock conditions
  • preparing archives with optional post-quantum protection
  • previewing decoded archive contents before saving or extracting them

The app is designed to make these workflows accessible without requiring the user to operate the underlying cryptographic and packaging steps manually.

The Archive Idea

Avikal archives use the .avk extension. Internally, an archive separates the protected file payload from the metadata and access material.

The required archive members are:

  • keychain.pgn
  • payload.enc

The product identity comes partly from keychain.pgn, which uses Chess-PGN form as the metadata carrier. The chess record is not a substitute for encryption. It is the archive's metadata carrier and identity layer. Confidentiality and tamper detection rely on the cryptographic protections described in the security model.

User Secrets

Avikal supports several unlock materials depending on how an archive is created:

  • no user secret for a plain .avk archive
  • password protection
  • a 21-word Hindi or Devanagari keyphrase
  • password and keyphrase together
  • optional PQC protection
  • optional external .avkkey storage
  • optional second password on external .avkkey files

When multiple protection options are enabled, the archive requires the relevant materials during unlock. The UI warns users when a workflow creates a stronger dependency on multiple secrets.

TimeCapsule Release

TimeCapsule workflows create archives that should unlock only after a future time. The app validates the selected unlock time and uses backend time checks to reduce reliance on the local system clock.

The documentation describes two provider paths:

  • drand, the default public time-release authority
  • Aavrit, an optional server-backed authority that appears when an Aavrit server is connected

TimeCapsule archives can also include password, keyphrase, and PQC protection depending on the selected options.

Local Desktop Runtime

The desktop app runs as an Electron application with a custom title bar, navigation, tray behavior, and settings modal. The interface talks to the Avikal backend through JSON-RPC over standard input and output for normal desktop communication.

Production crypto depends on the native Rust crypto runtime. If the native crypto runtime is unavailable, the app is designed to fail closed instead of silently falling back to weaker behavior.

Shared Core Packaging

The Windows GUI and CLI installer paths are designed around a shared Avikal core. If a compatible shared core is already installed, the other installer can reuse it instead of duplicating heavy runtime files.

Production Windows releases are described as self-contained local installers rather than small network installers.

What To Read Next

Start with Encode if you want to create an archive. Read Decode if you need to unlock or preview an existing .avk. Use Rekey for supported credential rotation, and Time-Capsule for future-release archives.

The security and architecture sections explain the archive format, cryptographic features, file safety checks, progress reporting, diagnostics, CLI packaging, and feature summary.