Skip to main content

Frequently Asked Questions

Are my files safe?

Yes. Every file is encrypted with AES-256-GCM (the same standard used by banks and governments) and the encryption key is wrapped with X-Wing KEM, a quantum-safe algorithm based on NIST FIPS 203. Even if a quantum computer becomes available in the future, your files remain protected.

Where are my private keys stored?

Your private keys are stored in a server-side Key Management Service (KMS). They never leave the secure environment — not to your device, not to any API response, not anywhere else. All encryption and decryption operations happen server-side where the keys reside.

Can I use Qpher Vault offline?

You need an internet connection to encrypt, decrypt, view, share, and import files — because all cryptographic operations happen server-side for maximum security. However, .qpher export files can be transferred offline (via AirDrop, USB, etc.) and imported later when online.

What file types are supported?

Qpher Vault can encrypt any file type — photos, PDFs, documents, spreadsheets, archives, audio, video, and more. The viewer supports previewing images, PDFs, and text files. Other file types can be saved to your device and opened with the appropriate app.

What happens if I forget my password?

Tap Forgot Password on the login screen, enter your email, and follow the reset link. Your encryption keys are managed server-side and are not derived from your password, so resetting your password does not affect your encrypted files.

How do I upgrade my plan?

Go to the Account tab in the app and tap your current plan to see upgrade options. Payment is handled through Apple In-App Purchase. You can also manage your subscription through the App Store settings on your device.

What is a .qpher file?

A .qpher file is a portable encrypted document created by Qpher Vault. It contains:

  • The encrypted file content
  • A sender digital signature (ML-DSA)
  • Recipient-specific encryption (only the intended recipient can decrypt)
  • Header integrity protection (AAD binding)

You can transfer .qpher files via AirDrop, email, USB, or any other method. The recipient imports it into their Qpher Vault app to verify and decrypt. See Export & Import for details.

Can I share files with someone who doesn't have Qpher?

For in-app sharing: Yes — a pending share is created and the recipient gets an email invitation. Once they create a free Qpher account, the file appears in their vault automatically.

For encrypted export (.qpher): The recipient needs an existing Qpher account. If they don't have one, the app will suggest using in-app sharing instead.

How do I know if my file has been tampered with?

Every signed document includes a Composite ML-DSA digital signature. When you view the file, the signature is verified server-side. If any modification occurred after signing, verification fails and you'll see a warning.

For .qpher export files, the sender's signature is verified during import. Any tampering — even a single byte — causes the import to fail.

Is Qpher Vault compliant with regulations?

Qpher uses NIST-standardized algorithms (FIPS 203 for ML-KEM, FIPS 204 for ML-DSA) and follows security best practices including:

  • AES-256-GCM encryption at rest
  • Non-exportable private keys
  • Comprehensive audit logging
  • Tenant isolation

See the Security Architecture section for details.

How do I delete my account?

Go to Account > Settings > Delete Account. This permanently deletes all your files, keys, and account data. This action cannot be undone. See Account & Settings for details.