Scanning QR codes is easier compared to entering passwords.

QRS uses randomly generated AES 256-bit KEK and DEK keys that cannot be brute-forced. Other encryption software often use keys derived from passwords that would usually have LOWER ENTROPY and can be brute-forced if password is weak. Even the strongest of manually managed passwords would have MUCH LESS entropy compared to random keys used in QRS.

Keyloggers may steal your passwords while being typed. With QRS, keyloggers are of less concern b/c nothing is typed while unlocking (decrypting) your data.

You may need to access your encrypted data from multiple places - from home, office, or that Cloud VM. No need to decide where to store your keys - QRS provides an easy way to store DEK keys together with your data (usually in the same file), authenticated and encrypted with Master Key. Master Key is securely stored in your phone protected by biometrics and Secure Enclave / Secure Element chips. Also, some Master Keys could be stored offline - completely offloaded from your phone - if used infrequently.

Since QRS stores your DEK keys together with your data, if you have your data you also have your DEK keys. The only thing to worry about is your Master Key which you absolutely must back up into a password-protected Backup Image and have several copies of that image stored in redundant locations.

You absolutely MUST backup your Master Key(s) or you will lose your encrypted data right after QRS mobile app re-install or mobile OS update!

QRS uses AES encryption with 256 bit keys, which is considered quantum safe.

QRS uses AES in GCM mode which provides the ability to cryptographically bind the metadata (Associated Data) describing the encrypted data. For example, Password Manager application might want to use 'website' and 'username' as Associated Data (AD) attributes. QRS uses AEAD extensively, for example, Client Application Name is a mandatory AD attribute. QRS also provides API for Client Applications to define custom AD attributes to be attached to wrapped DEK keys. Before unwrapping the DEK key, QRS application displays AD attributes to user and waits until user confirms the operation.

QRS is intended to be flexible to support existing and also not yet developed Client Applications. The goal is to completely avoid changes in QRS mobile app when developing new Client Applications.

QRS is Free and Open Source software with a permissive MIT licence.

No more platform lock-in! QRS uses modern cross-platform C#/.NET stack and so it runs on IOS, Android, Windows, macOS, and Linux. Switching mobile platforms by Backing up your Master Key on Android and restoring it on IOS, or vice-versa, is super easy!

Open QRS protocols are defined as a set of HTTPS APIs with Protobuf payloads. For C#/F#/VB.NET developers we already provide a client library. For languages like JavaScript, TypeScript, Java, Go, Rust, Python, C/C++ - client libraries will need to be developed using Protobuf and standard cryptographic primitives available in any language. Please send us email to info@qrid.com if you are interested in a client library development for your language.

Having Apple, Google or Microsoft account is NOT required to use QRS. On Android, we completely disable cloud backup. On IOS, KeyChain is used to securely store your Master Key on device. With that said, the officialy supported way to backup your Master Key(s) is to create a password-encrypted Backup Image via QRS app. This gives you 100% privacy, vendor independence, and ultimate control over your encryption keys. We will also publish QRS source code so you will be able to build QRS apps from source and run it on your platform of choice.

There is NO risk of server-side data loss.

QRS mobile app does not collect any PII (personally identifying information) about you. However, if you use public Tunnel Servers provided by QRID.COM, the servers will do some basic logging expected from HTTPS server, including logging of your IP address. Also, it would log an Application Name and Application InstanceId which is a unique anonymous randomly generated identifier that QRS app creates and stores on your device. InsanceId is only available to QRS app and it is not available to other apps on your device. InsanceId and Application Name are included to every request that is being sent to the Tunnel Server. We use these data to monitor service stability and performance, to rate-limit API requests, and to derive basic retention metrics used to improve the service. The web server logs are stored for the period of 90 days. The InstanceId and derived metrics are stored for the period of 2 years after last use.

Cross-platform Password Manager (Windows, macOS, Linux coming soon). To try a BETA version on Windows, please download a ZIP file below, extract all content, then run the EXE file (QrsPasswordManager.exe). For macOS, please download ARM or Intel ZIP file, extract the .APP folder, then move .APP folder into the Applications folder on your Mac.

Command Line utility that uses encrypted YAML config to set environment variables and then launch the process. Great for running CI/CD scripts, loading encrypted SSH keys into SSH Agent, running AWS CLI, Azure CLI, and many other admin scripts that take sensitive parameters via environment variables. To try a BETA version on Windows, please download a ZIP file below, extract all content, then run the EXE file (qrs.exe). For macOS, please download ARM or Intel ZIP file, extract the qrs file, then run the "./qrs" command from your terminal. To have QR code displayed correctly, please also set your terminal font to 'Courier New' and Line Spacing to '1'.

• First, please install QRS mobile app then launch the app and choose to create a new Master Key
• Please open the terminal to the folder containing the qrs executable (CLI)
• STEP 1 - INIT - encrypt secrets into the yml file
• run this command:

  ./qrs init SampleFiles/example1.sh.yml

• please enter some values for demo user and demo password
• the terminal will then display a QR code using ASCII preudographics
• please scan QR code using QRS mobile app
• since this is the first use, the app instances will need to be 'paired'. During Pairing, the CLI application will learn the PubKey of QRS mobile application. Please follow instructions in both mobile and CLI applications
• immediately after pairing, the QRS mobile app will show the Confirmation screen asking you to confirm the DEK key WRAP with your Master Key
• once you press 'Yes' button to confirm the operation, the wrapped DEK will be delivered back to CLI, and CLI will update SampleFiles/example1.sh.yml file saving encrypted DEK key and encrypted data into that file
• STEP 2 - RUN - decrypt secrets, load decrypted secrets into environment variables, run the child process
• run this command:

  ./qrs run SampleFiles/example1.sh.yml

• please scan QR code using QRS mobile app
• please confirm the operation by pressing 'Yes' in QRS mobile app
• the demo script will ECHO the decrypted values of your environment variables

Windows Application to encrypt arbitrary files

Cross-Platform Notes Application (Windows, macOS, Linux) where notes are encrypted with QRS

QRS encryption could be integrated into any web, mobile, desktop or command line application. Open QRS protocols are defined as a set of HTTPS APIs with Protobuf payloads. For C#/F#/VB.NET developers we already provide a client library. For languages like JavaScript, TypeScript, Java, Go, Rust, Python, C/C++ - client libraries will need to be developed using Protobuf and standard cryptographic primitives available in any language. Please send us email to info@qrid.com if you are interested in a client library development for your language.
Learn more at DEVELOPER.QRID.COM (coming soon)