QSafe Vault runs entirely in your browser, encrypting files with NIST-certified post-quantum algorithms. Your keys are derived locally, your files never leave your device, and your password is never stored or transmitted.
Six things that happen every time you use the vault.
A vault name and password derive a 256-bit AES key via Argon2id. The key exists only in browser memory — it is never written to disk or transmitted.
Files are encrypted using a hybrid scheme: ML-KEM-768 encapsulates a per-file key, AES-256-GCM encrypts the file content, and ML-DSA-65 signs the resulting container.
Encrypted containers are stored in IndexedDB — entirely local to your browser. No data is transmitted anywhere. Locking the vault or closing the tab clears all key material from memory.
RSA and ECDH — the basis of most current encryption — are vulnerable to Shor's Algorithm on a quantum computer. QSafe uses NIST FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA), standardised specifically to resist quantum attacks.
Every container is signed with ML-DSA-65. The signature covers the full container including all policy fields. Verification runs before decryption — any modification to the container causes immediate rejection.
Attach a policy to any file specifying a minimum unlock timestamp. The timestamp is embedded inside the signed container and cannot be modified without breaking the signature.
Adversaries are actively collecting encrypted data today with the intent to decrypt it once fault-tolerant quantum hardware is available. Data encrypted with RSA or ECDH key exchange has a finite shelf life. ML-KEM-768 is built on lattice problems with no known quantum speedup — encrypted data remains secure regardless of future hardware advances. Learn about the math →
Choose a name and strong password. Your vault is created instantly — no sign-up, no email.
Drag any file — documents, photos, contracts — directly into your open vault.
Your file is scrambled using hybrid quantum-safe encryption in under a second.
The encrypted file lives in your browser's local storage. Unlock anytime with your password.
Two layers of encryption work together: a quantum-safe key exchange (ML-KEM) plus AES-256-GCM — the same cipher used by governments and militaries worldwide.
Every file gets a unique ML-DSA digital signature. If anyone modifies your encrypted file by even a single character, you'll know instantly when you try to open it.
Set a date before which a file cannot be decrypted — even if someone has your password. Perfect for wills, legal documents, or planned disclosures.
Every action — every encrypt, decrypt, and access attempt — is logged with a timestamp. Full transparency into what happened and when.
Export your entire encrypted vault as a single file to back up or move between devices. Import it back with the same password to regain access.
After the page loads, QSafe Vault makes zero network requests. Open your browser's developer tools and watch — no uploads, no beacons, no telemetry. Ever.
QSafe gives non-technical users access to genuine post-quantum security without requiring them to understand the underlying cryptography. The UX handles the complexity cleanly.
We use the time-lock policy for client contracts that must remain sealed until a specified date. The policy is cryptographically bound to the container — it's not a UI-level restriction.
The architecture is genuinely impressive — Argon2id key derivation, ML-KEM encapsulation, real QSAFE containers. Not a simulation. This is production-grade crypto in a browser.
No sign-up, no server-side processing. Create a vault, encrypt your files, and export a backup — all without leaving your browser.