Encrypt a message. Remember the phrase. Send the file anywhere. No accounts. No servers. No recurring fees. The offline desktop app for everyday private communication.
Apple Silicon & Intel · macOS 11 Big Sur or newer
~2 MB DMG Download .dmg.dmg and drag QEV.app into your Applications folder.xattr -cr /Applications/QEV.app && open /Applications/QEV.appWhy does this happen? The app isn't signed with a $99/year Apple Developer certificate yet, so macOS Gatekeeper blocks it by default. The command above removes the browser's quarantine flag. The app itself is safe — same code that passes 362 tests, same binary CI produced from the public source.
x64 · Windows 10 / 11 · WebView2 (auto-installed)
~2 MB MSI · ~1.5 MB EXE Download .msi or .exe installerWhy? The installer isn't Authenticode-signed yet, so Windows SmartScreen flags it as unrecognized. The file is the same binary GitHub Actions CI produced from the public source.
Node 18.17+ · same vault format
~17 KB tarballnpm i -g @bryan237l/qev-cli
The browser version at secure.imagineqira.com/vault uses the same crypto and the same vault format as the desktop app. It's currently in private preview — email bryanleonard@imagineqira.com for an access code. If you'd rather skip the email step, buy the native app above and use it offline forever.
Open the Web VaultHR creates accounts. You need to deliver the temporary password without posting it in a Slack channel that's audited forever. Lock it in QEV, text them the phrase, email them the file. They open it on day one, read the password, delete the file.
The PDF goes through the firm's portal. The password needs to reach the client separately, and email isn't appropriate. Lock the password in QEV, download the box file, hand it off however you want. Tell the client the phrase over a phone call. Done.
She's not going to install 1Password. She's not going to make a LastPass account. She needs to open a file on her laptop, read the Wi-Fi password, and throw the file away. Lock it in QEV, AirDrop it to her, tell her the phrase on the phone.
A diagnosis, a prescription, something private that shouldn't sit in an email thread forever. Lock it in QEV, share the file on a family chat, tell the person the phrase in person. Delete the file after they read it.
A journal entry. An account recovery code. A reminder you don't want a cloud backup to see. QEV writes an encrypted box file to your disk; only you know the phrase. The file survives backups and sync without exposing the contents.
You want to send a reservation or gift detail that shouldn't sit readable in their phone's lock screen notifications. Lock it in QEV, text them the file, whisper them the phrase. They open it when they're ready.
| QEV | Bitwarden Premium | 1Password | Signal | |
|---|---|---|---|---|
| Cost | Free | ~$20/year | $35.88/year | Free |
| 5-year total cost | Free | $99 | $180 | $0 |
| Account required | No | Yes | Yes | Yes (phone number) |
| Works offline forever | Yes | No (server sync) | No (server sync) | No (needs network) |
| Message survives service shutdown | Yes | Depends on export | Depends on export | No |
| Recipient needs the app | No (free web version works) | Yes | Yes | Yes |
| Category | Encrypted envelope | Password manager | Password manager | Messenger |
QEV isn't trying to replace any of these. If you need a password database, get Bitwarden. If you need an end-to-end messenger, get Signal. QEV covers the one case those tools don't: encrypt one secret, once, send the file anywhere, no account, no server, no subscription.
Anything you want to keep private. Up to 256 KiB of text. Passwords, notes, recovery codes, a letter.
Four random words. The app has a generator if you don't have one in mind. You remember this phrase — it is never stored anywhere.
QEV produces an encrypted vault file. Save it wherever you want. The file is safe to send through email, chat, USB, SMS, anything.
If you're sending to someone else, tell them the phrase through a different channel (phone call, in person, text). They open the file in QEV and see the message.
XChaCha20-Poly1305 for encryption. Argon2id for phrase stretching. Both are RFC-standard algorithms implemented by the libsodium library Signal uses. QEV invents no new cryptography.
Every file on this site is SHA-256 hashed and the manifest is signed with ed25519. The public key is published. Anyone can verify the signature against the manifest independently.
How to verifyThe app makes zero network requests after launch. You can verify this yourself with DevTools or a packet sniffer. It has no analytics, no crash reporting, no update-check pings — nothing leaves your machine unless you explicitly export a file.
Free and open source. Mac, Windows, Android, and CLI. No account, no payment, no server.