Encrypt via QR code!
Build applications that encrypt data on the client-side without using passwords. Instead of entering passwords, use QRS app to scan QR code displayed by E2EE application. QR code opens a "door" into a tunnel between E2EE application and QRS mobile app. QRS mobile app uses its Master Key (KEK) to WRAP / UNWRAP data keys (DEKs) used by E2EE application to encrypt data. This works with GUI as well as terminal and command line - please see the demo video below:
How does it work - Part 1
How does it work - Part 2
Why use QRS encryption?
Easier than passwords
Scanning QR codes is easier compared to entering passwords.
More secure than passwords
QRS uses randomly generated AES 256-bit KEK and DEK keys that cannot be brute-forced. Other encryption software often use keys derived from passwords that would usually have LOWER ENTROPY and can be brute-forced if password is weak. Even the strongest of manually managed passwords would have MUCH LESS entropy compared to random keys used in QRS.
No risk of keyloggers
Keyloggers may steal your passwords while being typed. With QRS, keyloggers are of less concern b/c nothing is typed while unlocking (decrypting) your data.
Stop worrying where and how to store your keys
You may need to access your encrypted data from multiple devices - from home, office, or that Cloud VM. No need to decide where to store your keys - QRS provides an easy way to store DEK keys together with your data (usually in the same file), authenticated and encrypted with Master Key. Master Key is securely stored in your phone protected by biometrics and Secure Enclave / Secure Element chips. Also, some Master Keys could be stored offline completely offloaded from your phone if used infrequently.
Stop worrying about losing your keys
Since QRS stores your DEK keys together with your data, if you have your data you also have your DEK keys. The only thing to worry about is your Master Key which you absolutely must back up into a password-protected Backup Image and have several copies of that image stored in redundant locations.
Backup your Master Key or lose your data!
You absolutely MUST backup your randomly generated Master Key or you will lose your encrypted data right after QRS app re-install or mobile OS update!
Quantum Safe AES-256
QRS uses AES encryption with 256 bit keys, which is considered quantum safe.
Authenticated Encryption with Associated Data (AEAD)
QRS uses AES in GCM mode which provides the ability to cryptographically bind the metadata (Associated Data) describing the encrypted data. For example, Password Manager application might want to use 'website' and 'username' as Associated Data (AD) attributes. QRS uses AEAD extensively, for example, Client Application Name is a mandatory AD attribute. QRS also provides API for Client Applications to define custom AD attributes to be attached to wrapped DEK keys. Before unwrapping the DEK key, QRS application displays AD attributes to user and waits until user confirms the operation.
Flexible API to support future Client Applications
QRS is intended to be flexible to support existing and also not yet developed Client Applications. The goal is to completely avoid changes in QRS mobile app when developing new Client Applications.
Free and Open Source
QRS is Free and Open Source software with a permissive MIT licence.
Cross-Platform
No more platform lock-in! QRS uses modern cross-platform C#/.NET stack and so it runs on IOS, Android, Windows, macOS, and Linux. Switching mobile platforms by Backing up your Master Key on Android and restoring it on IOS, or vice-versa, is super easy!
No cloud accounts
Having Apple, Google or Microsoft account is NOT required to use QRS. On Android, we completely disable cloud backup. On IOS, KeyChain is used to securely store your Master Key on device. With that said, the officialy supported way to backup your Master Key(s) is to create a password-encrypted Backup Image via QRS app. This gives you 100% privacy, vendor independence, and ultimate control over your encryption keys. We will also publish QRS source code so you will be able to build QRS apps from source and run it on your platform of choice.
Nothing is stored server-side
There is NO risk of server-side data loss.
Privacy
QRS mobile app does not collect any PII (personally identifying information) about you. However, if you use public Tunnel Servers provided by QRID.COM, the servers will do some basic logging expected from HTTPS server, including logging of your IP address. Also, it would log an Application Name and Application InstanceId which is a unique anonymous randomly generated identifier that QRS app creates and stores on your device. InsanceId is only available to QRS app and it is not available to other apps on your device. InsanceId and Application Name are included to every request that is being sent to the Tunnel Server. We use these data to monitor service stability and performance, to rate-limit API requests, and to derive basic retention metrics used to improve the service. The web server logs are stored for the period of 90 days. The InstanceId and derived metrics are stored for the period of 2 years after last use.
What software is using QRS encryption?
Cross-platform Password Manager (Windows, macOS, Linux coming soon). To try a BETA version on Windows, please download a ZIP file below, extract all content, then run the EXE file (QrsPasswordManager.exe). For macOS, please download ARM or Intel ZIP file, extract the .APP folder, then move .APP folder into the Applications folder on your Mac.
Command Line utility that uses encrypted YAML config to set environment variables and then launch the process. Great for running CI/CD scripts, loading encrypted SSH keys into SSH Agent, running AWS CLI, Azure CLI, and many other admin scripts that take sensitive parameters via environment variables. To try a BETA version on Windows, please download a ZIP file below, extract all content, then run the EXE file (qrs.exe). For macOS, please download ARM or Intel ZIP file, extract the qrs file, then run the "./qrs" command from your terminal. To have QR code displayed correctly, please also set your terminal font to 'Courier New' and Line Spacing to '1'.
  • First, please install QRS mobile app then launch the app and choose to create a new Master Key
  • Please open the terminal to the folder containing the qrs executable (CLI)
  • STEP 1 - INIT - encrypt secrets into the yml file
  • run this command:
    ./qrs init SampleFiles/example1.sh.yml
  • please enter some values for demo user and demo password
  • the terminal will then display a QR code using ASCII preudographics
  • please scan QR code using QRS mobile app
  • since this is the first use, the app instances will need to be 'paired'. During Pairing, the CLI application will learn the PubKey of QRS mobile application. Please follow instructions in both mobile and CLI applications
  • immediately after pairing, the QRS mobile app will show the Confirmation screen asking you to confirm the DEK key WRAP with your Master Key
  • once you press 'Yes' button to confirm the operation, the wrapped DEK will be delivered back to CLI, and CLI will update SampleFiles/example1.sh.yml file saving encrypted DEK key and encrypted data into that file
  • STEP 2 - RUN - decrypt secrets, load decrypted secrets into environment variables, run the child process
  • run this command:
    ./qrs run SampleFiles/example1.sh.yml
  • please scan QR code using QRS mobile app
  • please confirm the operation by pressing 'Yes' in QRS mobile app
  • the demo script will ECHO the decrypted values of your environment variables
Windows Application to encrypt arbitrary files
Cross-Platform Notes Application (Windows, macOS, Linux) where notes are encrypted with QRS
QRS encryption could be integrated into any web, mobile, desktop or command line application. Open QRS protocols are defined as HTTPS APIs with Protobuf payload objects. For C#/F#/VB.NET developers we already provide a client library. For languages like JavaScript, TypeScript, Java, Go, Rust, Python, C/C++ - client libraries will need to be developed using Protobuf and standard cryptographic primitives available in all of these languages. Please send us an email to info@qrid.com if you are interested in development of a client library for your preferred language.
Learn more at DEVELOPER.QRID.COM (coming soon)
Free QRS mobile app is required
in order to use QRS encryption
Early Access - download and install APK file on Android:
1) In your Android Settings, search for "unknown" keyword to find something like "Install unknown apps" setting
2) Allow installation of "Unknown Apps" from "Chrome" and then download the APK file using the link below
3) Ignore all "Blocked App" warnings and look for an option to "Install Anyways"
Android - Install QRS app by downloading APK file
Android - Google Play Market - coming soon (app is in review)
IOS - Apple App Store - coming soon (app is in review)
To get notified about our launch
please send us EMAIL to
info@qrid.com