Encrypt a message. Remember the phrase. Send the file anywhere. Pair devices with a QR code. Chat with encrypted messages. No accounts. No servers. No recurring fees.
Apple Silicon & Intel · macOS 11 Big Sur or newer
~2 MB DMG Download .dmgv0.29.0 highlights: macOS Keychain-wrapped private key · per-chat lock/unlock with the shared phrase never saved · locked chats display as copyable ciphertext so you can still scroll, select, and decrypt elsewhere (Open-a-vault tab or /vault) · refreshed chat UI with bigger tap targets, smoother peer switching, and a proper mobile back-button flow. Existing installs migrate automatically on first launch.
.dmg and drag QEV.app into your Applications folder.xattr -cr /Applications/QEV.app && open /Applications/QEV.appWhy does this happen? The app isn't signed with a $99/year Apple Developer certificate yet, so macOS Gatekeeper blocks it by default. The command above removes the browser's quarantine flag. The app itself is safe — same code that passes 362 tests, same binary CI produced from the public source.
x64 · Windows 10 / 11 · WebView2 (auto-installed)
MSI installer · full feature parity with Mac Download .msi or .exe installerv0.29.0 has everything the Mac has: device pairing (QR & safety number), encrypted chat with relay delivery, per-chat lock/unlock, identity backup/restore, and the same vault format — cross-platform compatible with QEV v0.29.0 on Mac and Android.
Why? The MSI isn't yet Authenticode-signed with an EV certificate, so Windows SmartScreen flags it as unrecognized. The binary is the same one built by the public GitHub Actions workflow from the open-source Rust sources.
Node 18.17+ · same vault format
~17 KB tarballnpm i -g @bryan237l/qev-cli
A private encrypted mesh between devices you own. Same pair-in-person trust model as QEV — at the network layer. No accounts. No VPN provider. No exit nodes. Just your devices reaching your devices, from anywhere.
Open Terminal (⌘+Space, type "Terminal", Enter) and paste:
curl -fsSL https://secure.imagineqira.com/downloads/qira-link-install.sh | bash
Downloads the DMG, copies Qira Link.app to /Applications, clears macOS
quarantine, launches it. Prompts for your sudo password once.
Read the script first
if you'd rather see what it's doing.
Apple Silicon · macOS 11+
~4 MB DMG Download .dmgPrefer manual? Three steps after downloading: double-click the DMG, drag "Qira Link" onto the Applications folder, then right-click Qira Link in /Applications → Open. The right-click is needed because this alpha isn't yet signed by Apple.
Not available for download yet.
— Coming soonThe MSI + WinTun bundling is scripted and ready; we'll post a binary here once we've signed it with an Authenticode certificate. Intel/AMD 64-bit · Windows 10 1809+.
Not available for download yet.
— Coming soonThe APK + VpnService wiring is scripted; we'll post a signed build here once we rotate the Play Store keystore. arm64 · Android 7.0+.
The first time you click Connect on a peer, macOS will pop a dialog asking to share your QEV identity from the Keychain:
"Qira Link wants to use your confidential information stored in
com.imagineqira.qev in your keychain. To allow this, enter the
'login' keychain password."
Click "Always Allow" and enter your Mac login password once. This adds Qira Link to the Keychain item's access-control list; you'll never see the prompt again.
Why this happens: QEV created the item. macOS enforces per-app
access-control lists — only the app that created a keychain item can read it
silently. Qira Link is a different binary, so the OS asks for your consent on
first use. Once both apps are signed with the same Apple Developer ID and
share a keychain-access-groups entitlement (shipping release),
this prompt goes away entirely.
Both messages mean the same thing: macOS Gatekeeper blocks unsigned binaries by default. The one-liner installer above handles this automatically; if you're installing by hand, here's the cleanup:
sudo xattr -cr "/Applications/Qira Link.app"
open "/Applications/Qira Link.app"sudo codesign --force --deep --sign - "/Applications/Qira Link.app"
open "/Applications/Qira Link.app"- after --sign is a literal minus sign. It tells codesign to produce an ad-hoc (cert-less) signature, which is enough to convince Gatekeeper the app hasn't been tampered with since install.
mdfind -name QiraLink-0.1.0-alpha.0-aarch64.dmgAll of this goes away the minute we sign the shipping build with an Apple Developer ID certificate. It's an alpha-only chore.
The browser version at secure.imagineqira.com/vault uses the same crypto and the same vault format as the desktop app. No account needed — just open it and start encrypting.
Open the Web VaultHR creates accounts. You need to deliver the temporary password without posting it in a Slack channel that's audited forever. Lock it in QEV, text them the phrase, email them the file. They open it on day one, read the password, delete the file.
The PDF goes through the firm's portal. The password needs to reach the client separately, and email isn't appropriate. Lock the password in QEV, download the box file, hand it off however you want. Tell the client the phrase over a phone call. Done.
She's not going to install 1Password. She's not going to make a LastPass account. She needs to open a file on her laptop, read the Wi-Fi password, and throw the file away. Lock it in QEV, AirDrop it to her, tell her the phrase on the phone.
A diagnosis, a prescription, something private that shouldn't sit in an email thread forever. Lock it in QEV, share the file on a family chat, tell the person the phrase in person. Delete the file after they read it.
A journal entry. An account recovery code. A reminder you don't want a cloud backup to see. QEV writes an encrypted box file to your disk; only you know the phrase. The file survives backups and sync without exposing the contents.
You want to send a reservation or gift detail that shouldn't sit readable in their phone's lock screen notifications. Lock it in QEV, text them the file, whisper them the phrase. They open it when they're ready.
| QEV | Bitwarden Premium | 1Password | Signal | |
|---|---|---|---|---|
| Cost | Free | ~$20/year | $35.88/year | Free |
| 5-year total cost | Free | $99 | $180 | $0 |
| Account required | No | Yes | Yes | Yes (phone number) |
| Works offline forever | Yes | No (server sync) | No (server sync) | No (needs network) |
| Message survives service shutdown | Yes | Depends on export | Depends on export | No |
| Recipient needs the app | No (free web version works) | Yes | Yes | Yes |
| Category | Encrypted envelope | Password manager | Password manager | Messenger |
QEV isn't trying to replace any of these. If you need a password database, get Bitwarden. If you need an end-to-end messenger, get Signal. QEV covers the one case those tools don't: encrypt one secret, once, send the file anywhere, no account, no server, no subscription.
Anything you want to keep private. Up to 256 KiB of text. Passwords, notes, recovery codes, a letter.
Four random words. The app has a generator if you don't have one in mind. You remember this phrase — it is never stored anywhere.
QEV produces an encrypted vault file. Save it wherever you want. The file is safe to send through email, chat, USB, SMS, anything.
If you're sending to someone else, tell them the phrase through a different channel (phone call, in person, text). They open the file in QEV and see the message.
XChaCha20-Poly1305 for encryption. Argon2id for phrase stretching. Both are RFC-standard algorithms implemented by the libsodium library Signal uses. QEV invents no new cryptography.
Every file on this site is SHA-256 hashed and the manifest is signed with ed25519. The public key is published. Anyone can verify the signature against the manifest independently.
How to verifyThe app makes zero network requests after launch. You can verify this yourself with DevTools or a packet sniffer. It has no analytics, no crash reporting, no update-check pings — nothing leaves your machine unless you explicitly export a file.
Free and open source. Mac, Windows, Android, and CLI. No account, no payment, no server.