Kemforge is a modern, curl-compatible CLI tool designed to make web requests with built-in support for Post-Quantum Cryptography (PQC). It serves as a security-first alternative to traditional tools like curl, addressing the growing threat of quantum computing attacks on encrypted data.
Key Features:
Built-In PQC Support: Kemforge integrates post-quantum cryptographic algorithms out of the box, ensuring secure connections without relying on system TLS libraries.
Automatic PQC Detection: Every HTTPS request provides detailed TLS metadata, indicating whether PQC was successfully negotiated. If not, Kemforge warns users about potential vulnerabilities to quantum attacks.
Curl Compatibility: Designed as a seamless replacement for curl, Kemforge supports common features and flags, enabling developers to switch effortlessly while enhancing security.
Audience & Benefit:
Ideal for developers, DevOps engineers, and organizations prioritizing cybersecurity. Kemforge ensures secure web requests by automatically negotiating PQC when available, eliminating the risk of "Harvest Now, Decrypt Later" attacks. Its compatibility with curl allows for immediate adoption without workflow disruption.
Kemforge can be installed via winget, making it accessible across supported platforms.
README
Kemforge
Kemforge is a modern, curl-compatible CLI tool for making web requests — built from the ground up with Post-Quantum Cryptography (PQC) support. It is the security-first successor to curl, designed to address the primary threat of the modern era: quantum attacks.
Traditional encryption algorithms (RSA, ECDH) that protect today's internet traffic are vulnerable to attacks by quantum computers. Adversaries are already harvesting encrypted data today with the intent to decrypt it once quantum computers become powerful enough — a strategy known as "Harvest Now, Decrypt Later".
Post-Quantum Cryptography (PQC) refers to cryptographic algorithms designed to be secure against both classical and quantum computers. Standards such as ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism, formerly known as CRYSTALS-Kyber) have been standardized by NIST to replace vulnerable key exchange mechanisms.
Kemforge makes PQC accessible and effortless:
No dependency on system TLS libraries — Unlike curl, which relies on the installed version of Schannel (Windows), OpenSSL (Linux), or Secure Transport (macOS) for PQC support, Kemforge provides PQC out of the box on every platform, regardless of the underlying TLS library version.
Automatic PQC detection — Every HTTPS request returns TLS metadata indicating whether PQC was used. If PQC is not negotiated, Kemforge warns you that the server is not protected against quantum attacks.
Drop-in curl replacement — Kemforge supports all common curl features and flags, so you can switch seamlessly.
Every HTTPS request made with Kemforge outputs TLS Data to stderr, giving you immediate insight into the security of your connection:
* TLS DATA:
* TlsVersion: 1.3
* Cipher: TLS_AES_128_GCM_SHA256
* KeyExchangeGroup: X25519MLKEM768
* This server supports post quantum cryptography so the server has protection against quantum attacks.
If the server does not support PQC, you will see a warning:
* TLS DATA:
* TlsVersion: 1.3
* Cipher: TLS_AES_128_GCM_SHA256
* KeyExchangeGroup: X25519
* This server is not protected against quantum attacks as the key exchange group does not contain MLKEM.
> Note: If PQC is not used, it is caused by the server's configuration — not Kemforge. Kemforge always negotiates PQC when the server supports it.
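For scripted use, the TLS report shown above can be parsed and turned into a pass/fail gate. The shell functions below are an added example, not part of the Kemforge project; they assume the stderr format shown above, and the function names, sample variables and the example.org host are hypothetical.

```shell
#!/bin/sh
# Added example (not Kemforge code): gate on the TLS report Kemforge writes to stderr.

# Print the value of one "* Name: value" field from the TLS DATA block on stdin.
tls_field() {
    awk -v key="$1" '
        { sub(/\r$/, "") }                       # tolerate CRLF output on Windows
        /^\* TLS DATA:/ { in_block = 1; next }
        in_block && $1 == "*" && $2 == (key ":") { print $3; exit }
    '
}

# Classify a captured report: prints pqc / classical / unknown.
# Returns 0 only for pqc, so a missing report fails closed.
classify_report() {
    group=$(printf '%s\n' "$1" | tls_field KeyExchangeGroup)
    case $group in
        "")      echo unknown;   return 2 ;;
        *MLKEM*) echo pqc;       return 0 ;;
        *)       echo classical; return 1 ;;
    esac
}

# Constructed samples, copied from the two report formats shown above.
PQC_SAMPLE='* TLS DATA:
* TlsVersion: 1.3
* Cipher: TLS_AES_128_GCM_SHA256
* KeyExchangeGroup: X25519MLKEM768'

CLASSICAL_SAMPLE='* TLS DATA:
* TlsVersion: 1.3
* Cipher: TLS_AES_128_GCM_SHA256
* KeyExchangeGroup: X25519'

# Demo on the samples: prints "pqc" then "classical".
for sample in "$PQC_SAMPLE" "$CLASSICAL_SAMPLE"; do
    classify_report "$sample" || true
done

# Real use (example.org is a placeholder host):
#   report=$(kemforge -I https://example.org 2>&1 >/dev/null)
#   classify_report "$report" || exit 1
```

Treating "unknown" as a failure keeps the gate from passing when the request never reached a TLS handshake, for example on a DNS error or a plain HTTP URL.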
Curl Feature Compatibility
Kemforge supports all common curl features, including but not limited to:
go install github.com/ConnectingApps/kemforge@latest
macOS via Homebrew
Kemforge can be installed via Homebrew. Open Terminal and run:
brew tap ConnectingApps/kemforge
brew install kemforge
Kemforge works on both Apple Silicon (M1/M2/M3/M4) and Intel Macs.
Windows via go install
Install Go by downloading the installer from https://go.dev/dl/ and running it. The installer adds Go to your PATH automatically.
Ensure the Go bin directory is in your PATH. Open PowerShell and run:
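# Resolve the directory where go install places binaries
$GoBin = go env GOBIN
$GoPath = go env GOPATH
$BinPath = if ($GoBin) { $GoBin } else { "$GoPath\bin" }
# Append to the stored user-scope Path; $env:Path is the merged machine and user value
$UserPath = [Environment]::GetEnvironmentVariable("Path", "User")
[Environment]::SetEnvironmentVariable("Path", $UserPath + ";$BinPath", "User")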
Then restart your terminal for the change to take effect.
Install kemforge:
go install github.com/ConnectingApps/kemforge@latest
Windows via winget
Kemforge can be installed via winget. Open Terminal and run:
winget install ConnectingApps.Kemforge
After installation
Once installed, kemforge can be used just like curl:
kemforge -I https://www.google.com
Build from source
Requires Go 1.26.
git clone https://github.com/ConnectingApps/kemforge.git
cd kemforge
go build -v .
This produces the kemforge binary (or kemforge.exe on Windows).
Testing
Kemforge uses a two-stage testing strategy, as reflected in the CI/CD pipeline:
Stage 1: Verify the test infrastructure against curl
Before testing Kemforge itself, the test script and Python test server are validated against standard curl to ensure the test harness is correct:
# Create a Python virtual environment and install dependencies
python -m venv .venv
.venv/bin/pip install flask cryptography # Linux/macOS
# .venv\Scripts\pip install flask cryptography # Windows
# Run tests against curl to verify the test script and server
pwsh -File test_curl.ps1 curl
This step ensures that test_curl.ps1 (the PowerShell test runner) and test_server.py (the local Flask test server) work correctly — any failure here is a problem with the test infrastructure, not Kemforge.
Stage 2: Build and test Kemforge
Once the test infrastructure is verified, Kemforge is built and tested against the same test suite:
# Build
go build -v .
# Run the same test suite against the Kemforge binary
pwsh -File test_curl.ps1 ./kemforge # Linux/macOS
# pwsh -File test_curl.ps1 ./kemforge.exe # Windows
The test script starts a local Flask test server (test_server.py) automatically — no external services are required.
CI/CD Pipeline
The GitHub Actions pipeline (.github/workflows/go.yml) runs both stages across Ubuntu, Windows, and macOS to ensure cross-platform compatibility.
Sponsors
Kemforge is an open-source project that relies on community support. If you find Kemforge useful, please consider sponsoring us on Open Collective. Your sponsorship helps us maintain and improve the project — and as a sponsor, you can get your company logo featured right here on this README page.