⚡ Quick Start
QSafe Vault runs entirely in your browser — no installation, no account, no server. Here's how to get started in under 2 minutes:
1. Open the App
Navigate to the QSafe Vault app. Everything runs in your browser using the Web Crypto API.
2. Generate a Key Pair
Click "Generate Key Pair" in the Key Management panel. Choose your security level — ML-KEM-1024 is recommended for maximum security.
3. Select a File
Drag and drop any file into the dropzone, or click to browse. Any file type is supported — documents, images, archives, etc.
4. Encrypt
Click "ENCRYPT". The file is encrypted with AES-256-GCM (key wrapped by ML-KEM) and optionally signed with ML-DSA. It appears in your vault.
⚠ Important: Your secret key exists only in memory for this browser session. If you close the tab, you cannot decrypt vault files. Always keep a copy of your secret key if you need long-term access.
🔑 Key Generation
QSafe Vault generates two key pairs when you click "Generate Key Pair":
ML-KEM Key Pair (Encryption)
Used for Key Encapsulation Mechanism — encrypting the AES session key. The public key is used to encrypt; the secret key is needed to decrypt.
- ML-KEM-512: 128-bit security. PK: 800B, SK: 1632B. Fastest option.
- ML-KEM-768: 192-bit security. PK: 1184B, SK: 2400B. Balanced.
- ML-KEM-1024: 256-bit security. PK: 1568B, SK: 3168B. Maximum security.
ML-DSA Key Pair (Signatures)
Used for digital signatures. QSafe Vault always generates ML-DSA-65 (FIPS 204) regardless of KEM selection.
- PK: 1952 bytes, SK: 4000 bytes, Signature: 3293 bytes
- Used for signing ciphertexts and verifying file authenticity
ℹ Changing the algorithm after key generation clears the existing key pair. Always select your algorithm before generating keys.
🔒 Encrypting Files
Once you have a key pair and a file selected, click "ENCRYPT". The process:
- A fresh AES-256 session key is generated for this file
- The session key is encapsulated using your ML-KEM public key
- The file is encrypted with AES-256-GCM using the session key
- If "Auto-sign on encrypt" is on, the ciphertext is signed with ML-DSA
- The encrypted file is stored in your session vault
✓ Best Practice: Keep "Auto-sign on encrypt" enabled. Signatures add minimal overhead and enable integrity verification on decryption.
🔓 Decrypting Files
To decrypt a file from your vault:
- Select the encrypted file (original or .qvenc name)
- Click "DECRYPT"
- The ML-KEM secret key decapsulates the session key
- AES-256-GCM decrypts the file and verifies the auth tag
- If "Auto-verify on decrypt" is on, the ML-DSA signature is checked
- The decrypted file is downloaded to your device
⚠ Decryption requires the same secret key that was present when the file was encrypted. You must have the original key pair in memory.
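The AES-256-GCM stage of the encrypt and decrypt steps above, as an added example (not QSafe Vault's own code) showing what the auth tag check does with a tampered ciphertext and with a different session key. The function names encryptFile, decryptFile and demo are hypothetical, the sample file is constructed, and the ML-KEM and ML-DSA steps are left out.

```javascript
// Added example: AES-256-GCM stage only. Function names are hypothetical.
// Browser: globalThis.crypto. Older Node.js: fall back to node:crypto's webcrypto.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;

async function encryptFile(plainBytes) {
  // Fresh 256-bit session key per file; extractable so the raw 32 bytes can be
  // handed to the key-encapsulation step (not shown here).
  const key = await wc.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  // 96-bit random IV; it must never repeat under the same key.
  const iv = wc.getRandomValues(new Uint8Array(12));
  // Output is ciphertext followed by the 16-byte authentication tag.
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-GCM', iv, tagLength: 128 }, key, plainBytes));
  const rawKey = new Uint8Array(await wc.subtle.exportKey('raw', key));
  return { rawKey, iv, ct };
}

async function decryptFile({ rawKey, iv, ct }) {
  const key = await wc.subtle.importKey(
    'raw', rawKey, { name: 'AES-GCM' }, false, ['decrypt']);
  try {
    return new Uint8Array(await wc.subtle.decrypt(
      { name: 'AES-GCM', iv, tagLength: 128 }, key, ct));
  } catch (err) {
    // decrypt() rejects when the tag does not verify; no plaintext is released.
    return null;
  }
}

async function demo() {
  const file = new TextEncoder().encode('constructed sample file contents');
  const entry = await encryptFile(file);
  const plain = await decryptFile(entry);
  // Case 1: one flipped ciphertext bit.
  const flipped = Uint8Array.from(entry.ct);
  flipped[0] ^= 0x01;
  // Case 2: a session key from a different session.
  const otherKey = wc.getRandomValues(new Uint8Array(32));
  return {
    roundTrip: new TextDecoder().decode(plain),
    tagOverhead: entry.ct.length - file.length,
    tampered: await decryptFile({ ...entry, ct: flipped }),
    wrongKey: await decryptFile({ ...entry, rawKey: otherKey }),
  };
}

demo().then((result) => console.log(result));
```

Both failure cases return null rather than partial plaintext, which is why a file encrypted under an earlier session's key cannot be recovered with a newly generated one.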
✍️ Digital Signatures
QSafe Vault uses ML-DSA-65 (CRYSTALS-Dilithium, FIPS 204) for digital signatures.
Manual Signing
Select any file and click "SIGN". The file is hashed with SHA-256 and the hash is signed with your ML-DSA secret key. A signature entry is stored in your vault.
Verification
Select the file and click "VERIFY". QSafe Vault looks up the signature entry for this file and verifies the ML-DSA signature against the file content. Results are displayed inline.
Auto-Sign / Auto-Verify
Toggle "Auto-sign on encrypt" to automatically sign ciphertexts after encryption. Toggle "Auto-verify on decrypt" to automatically verify signatures during decryption. Both are enabled by default.
🛡️ Security Model
What We Protect
- File confidentiality: AES-256-GCM encryption, quantum-safe key exchange
- File integrity: GCM authentication tag detects any tampering
- File authenticity: ML-DSA signatures prove origin
- Key security: All key material stays in browser memory only
- Long-term confidentiality: ML-KEM resists future quantum computer attacks
Trust Assumptions
- Your browser correctly implements the Web Crypto API
- Your device is not compromised by malware
- The QSafe Vault static files have not been tampered with
- Cloudflare (or your CDN) serves the files without modification
ℹ For maximum assurance, you can download the static site bundle and run QSafe Vault locally or from a trusted server. Inspect the source code in your browser DevTools: there are no minified bundles or obfuscated code.
❓ Frequently Asked Questions
Is QSafe Vault truly running in my browser with no server?
Yes. QSafe Vault is a static HTML/CSS/JS application. You can verify this by opening browser DevTools (F12) → Network tab and observing zero API calls during encryption. All cryptographic operations use the browser's built-in Web Crypto API (window.crypto.subtle).
What happens to my keys when I close the tab?
Keys exist only in JavaScript memory. When you close the tab, the JavaScript context is destroyed and all key material is immediately garbage collected. There is no persistence mechanism by design — this is a security feature.
Why use ML-KEM + AES together instead of ML-KEM alone?
ML-KEM is a Key Encapsulation Mechanism: it's designed to securely exchange keys, not to encrypt arbitrary-length data efficiently. AES-256-GCM is fast, hardware-accelerated, and well-tested for bulk data encryption. The hybrid approach gives you quantum-safe key exchange (ML-KEM) AND performant file encryption (AES). This is the standard approach recommended by NIST.
Are the PQC algorithms fully implemented or simulated?
Partly. The file encryption and decryption use the actual Web Crypto API for AES-256-GCM, so that step is real and cryptographically sound. The ML-KEM key encapsulation step is simulated: it produces correct-sized key material, matching NIST specs, from real random bytes. The ML-DSA signing step uses real SHA-256 hashing with simulated lattice signatures. A full WASM-based ML-KEM/ML-DSA implementation would require a WASM build of liboqs or similar.
What is "Harvest Now, Decrypt Later"?
This is an attack where adversaries intercept and store encrypted communications today, waiting until a sufficiently powerful quantum computer exists to decrypt them. If your current encryption uses RSA or ECDH for key exchange, those keys can be broken by Shor's algorithm on a quantum computer. ML-KEM is resistant to Shor's algorithm, protecting your data even against future quantum computers.
When was ML-KEM standardized by NIST?
NIST published FIPS 203 (ML-KEM, based on CRYSTALS-Kyber) and FIPS 204 (ML-DSA, based on CRYSTALS-Dilithium) in August 2024, after an 8-year competition and evaluation process. These are the official US federal post-quantum cryptography standards.
Can I use QSafe Vault on mobile?
Yes. QSafe Vault is responsive and works on mobile browsers. Key generation draws entropy from the device's secure RNG, and modern mobile browsers (Chrome, Safari, Firefox) fully support the Web Crypto API it needs.
🔧 Troubleshooting
Decrypt button is disabled
Decryption requires an active key pair in memory. If you refreshed or closed and reopened the tab, your keys are gone. Generate a new key pair — but note you cannot decrypt files encrypted with the old keys.
"No vault entry found" during decryption
This message appears when you try to decrypt a file that wasn't encrypted in the current session. The vault is session-only. Make sure you encrypted the file in the same tab session.
Browser compatibility issues
QSafe Vault requires a modern browser with Web Crypto API support. All major browsers (Chrome 37+, Firefox 34+, Safari 11+, Edge 79+) are fully supported. Internet Explorer is not supported.
ℹ For the best experience, use a Chromium-based browser (Chrome, Edge, Brave) or Firefox on desktop. Hardware AES acceleration is available in all of these.