Quantum-Safe Vault

About

Quantum-Safe Vault brings post-quantum encryption to your browser — fully offline and zero-knowledge. Encrypt files, images, and text with ML-KEM-768 (Kyber) and AES-GCM, sign with Dilithium-65, and share safely using portable .pqc.json bundles. Private keys never leave your device and are sealed with your PIN.

Why it’s different

Post-quantum algorithms: ML-KEM-768 (key encapsulation) + Dilithium-65 (signing)

Local-only: No servers, no telemetry, no background network calls

PIN-sealed keys: Private keys encrypted at rest (PBKDF2-SHA-256 → AES-GCM)

Clean UX: Drag-and-drop files/images, one-click text encrypt/decrypt

Portable by design: Output is a self-contained .pqc.json you can store or send anywhere

Sign & verify: Optional Dilithium signature adds sender authenticity to bundles

Contacts & Messenger (offline): Import others’ public keys and compose signed, encrypted messages

What you can do

Encrypt files & images for yourself or a chosen contact

Encrypt text in the popup and save it as a file

Decrypt previously saved .pqc.json bundles

Export/Import keys to move to a new device (private keys stay PIN-sealed)

Export/Copy your public keys so people can encrypt to you

Import contacts (public keys) and use the built-in Messenger to produce signed ciphertext messages

How it works (simplified)

Create your keys once and set a PIN (private keys are sealed with AES-GCM under your PIN).

When you encrypt: the app derives a fresh AES key via ML-KEM with the recipient’s public key and saves { kemCt, iv, ct } into a .pqc.json bundle.

Optionally, it signs that bundle with Dilithium-65 so recipients can verify it came from you.

Decrypting requires your PIN to unwrap your private key, then it decapsulates the shared key and opens the AES-GCM payload.

Privacy & permissions

Data collection: None. We do not collect, transmit, or sell any personal data.

Network access: None. The extension works fully offline.

Permissions used:

storage — store your encrypted keys and local settings

downloads — let you save encrypted/decrypted files and key exports

Notes & tips

Keep your PIN safe. If you forget it, we cannot recover your private keys.

For sharing, send the generated .pqc.json file. The recipient will decrypt locally.

Use Options → Export My Public Keys so others can add you as a contact.

Use Options → Backup/Restore to move devices (your private keys remain PIN-sealed).

Built to protect today’s data from tomorrow’s attacks — without giving your data to anyone, including us.