Everything You Need

QSafe Vault Features

A complete post-quantum cryptographic toolkit built for your browser. No installations, no servers, no compromises.

Feature 01

Post-Quantum Key Generation

Generate fresh cryptographic key pairs using CRYSTALS-Kyber (ML-KEM), the NIST-standardized post-quantum Key Encapsulation Mechanism. Choose from three security levels to match your needs.

All key material is generated locally using your browser's cryptographically secure random number generator — never transmitted anywhere.

  • ML-KEM-512: 128-bit post-quantum security (800B public key)
  • ML-KEM-768: 192-bit post-quantum security (1184B public key)
  • ML-KEM-1024: 256-bit post-quantum security (1568B public key)
  • Separate ML-DSA-65 signing key pair auto-generated
  • Keys visible, copyable, and exportable
01
🔑
ALGORITHMML-KEM-1024
SECURITY256-BIT PQC
PUBLIC KEY1568 BYTES
SECRET KEY3168 BYTES
SIGN ALGML-DSA-65
SIGN PK1952 BYTES
GENERATEDIN-BROWSER
SERVERNONE
Feature 02

Hybrid Encryption

QSafe Vault uses a proven hybrid approach: ML-KEM encapsulates a fresh AES-256 session key, which then encrypts your file with GCM authenticated encryption. You get quantum-safe key exchange AND fast symmetric encryption.

The 128-bit authentication tag in GCM protects against tampering, giving you both confidentiality and integrity in a single operation.

  • KEM encapsulation: ML-KEM (Kyber) lattice problem
  • Key derivation: HKDF-SHA3-512
  • File encryption: AES-256-GCM (hardware accelerated)
  • Authentication tag: 128-bit integrity check
  • Random IV: 96-bit per encryption
02
🔒
ENCRYPTION PIPELINE
ML-KEM KEM
1568B CT
HKDF-SHA3
32B KEY
AES-256-GCM
FILE+TAG
AUTH TAG
128-BIT
Feature 03

Digital Signatures

Sign files using CRYSTALS-Dilithium (ML-DSA-65) — the NIST-standardized post-quantum signature scheme. Signatures provide cryptographic proof that a file came from you and hasn't been modified.

QSafe Vault can auto-sign on every encryption operation and auto-verify on decryption, making non-repudiation seamless.

  • ML-DSA-65 (Dilithium): NIST FIPS 204 compliant
  • 3293-byte signatures — compact for quantum-safe
  • File hashed with SHA-256 before signing
  • One-click verification with visual result
  • Auto-sign and auto-verify toggles
03
✍️
FILE HASH (SHA-256)
a3f8d912b7c405e1...9f2a4108dce63b77
DILITHIUM SIGNATURE
4f7a19d2e08b3c56...f1d9a3720bce14f8
SIGNATURE VALID — ML-DSA-65 VERIFIED
Feature 04

Secure Vault

All encrypted and signed files are stored in a session vault with full metadata. Inspect algorithm details, ciphertext sizes, key encapsulation data, and signature status for every file.

The vault is fully in-memory — everything is cleared when you close the tab, with no persistence to external storage.

  • Per-file algorithm and security level display
  • Ciphertext size vs original size comparison
  • Signed/unsigned status per file
  • One-click file detail modal
  • Individual file deletion or full vault wipe
04
🗄️
ENC report.pdf.qvenc 2.4 MB
ENC keys.zip.qvenc 840 KB
SIG contract.docx.qvsig 128 KB
ENC photo.jpg.qvenc 5.1 MB

Ready to Try It?

All features run entirely in your browser. No sign-up required.

Launch QSafe Vault → Algorithm Details