Security Architecture
The full technical specification.
This page is for security researchers, auditors, and engineers. Every algorithm is open-standard. Every claim is verifiable. We publish our architecture because our security doesn't depend on obscurity.
Cryptographic specification.
12 independently verifiable security layers. No black boxes.
Encryption
XChaCha20-Poly1305
256-bit keys
The same encryption class trusted by Signal. The extended 192-bit nonce keeps the risk of a random nonce collision negligible, even across billions of files.
Key Derivation
Argon2id
Memory-hard KDF
Defeats GPU cracking farms by requiring massive memory allocation per password guess.
Media Decryption
RAM-Only
Zero-copy VRAM
Decrypted photos exist only in secure GPU memory. Nothing is ever written to disk, cache, or swap.
Video Streaming
Chunked AEAD
Frame-by-frame
4K video is decrypted and streamed chunk-by-chunk. The full file never exists decrypted.
AI Processing
On-Device Only
Qwen local model
Photo tagging and search run on your GPU via a local Qwen model. Zero cloud calls.
Search Index
SQLite FTS5
Encrypted at rest
Full-text search index is encrypted alongside your media. Queries never leave the device.
Sync Protocol
1KB Encrypted Deltas
E2E verified
Only changes sync. Each delta packet is individually encrypted and cryptographically signed.
Key Storage
Hardware Enclaves
SE / TPM / Keystore
Keys live in dedicated security silicon (Apple Secure Enclave, TPM 2.0, Android Keystore). Non-exportable.
Screen Protection
DRM-Level Blocking
All platforms
Screenshots and screen recording are blocked at the OS level while viewing protected media.
Authentication
Biometric + FIDO2
YubiKey supported
Face ID, fingerprint, or physical hardware keys. No phishable passwords.
Core Engine
Rust (qmv-core)
Memory-safe
The entire cryptographic engine is written in Rust — zero buffer overflows, zero use-after-free.
Platform Bridges
UniFFI / JNI / C-ABI
Native bindings
Each platform shell (SwiftUI, WinUI 3, Compose, GTK4) binds directly to qmv-core via native FFI.
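The Video Streaming entry above describes chunked AEAD, where each chunk is decrypted and authenticated on its own. The Go program below is an added example, not QMV code (this page does not publish QMV's chunk format): it shows one common way to frame such a stream, binding the chunk index and a final-chunk flag into each nonce so that reordered or truncated streams are rejected. The nonce layout, function names and sample data are assumptions, and AES-256-GCM from Go's standard library stands in for XChaCha20-Poly1305.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Assumed nonce layout: 8-byte per-file prefix | 1-bit final flag | 31-bit chunk index.
func nonceFor(prefix []byte, i uint32, final bool) []byte {
	if final {
		i |= 1 << 31
	}
	return binary.BigEndian.AppendUint32(append([]byte{}, prefix[:8]...), i)
}

// SealStream seals plain as independently authenticated chunks of at most size bytes.
func SealStream(aead cipher.AEAD, prefix, plain []byte, size int) (out [][]byte) {
	for i := uint32(0); ; i++ {
		if len(plain) <= size {
			return append(out, aead.Seal(nil, nonceFor(prefix, i, true), plain, nil))
		}
		out = append(out, aead.Seal(nil, nonceFor(prefix, i, false), plain[:size], nil))
		plain = plain[size:]
	}
}

// OpenStream decrypts chunk by chunk; index and final flag in the nonce catch moved or missing chunks.
func OpenStream(aead cipher.AEAD, prefix []byte, chunks [][]byte, emit func([]byte)) error {
	if len(chunks) == 0 {
		return fmt.Errorf("empty stream: final chunk missing")
	}
	for i, c := range chunks {
		pt, err := aead.Open(nil, nonceFor(prefix, uint32(i), i == len(chunks)-1), c, nil)
		if err != nil {
			return fmt.Errorf("chunk %d rejected: %w", i, err)
		}
		emit(pt)
	}
	return nil
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key, valid length
	aead, _ := cipher.NewGCM(block)             // AES-256-GCM standing in for XChaCha20-Poly1305
	prefix := []byte("file0001")                // constructed; must be unique per file per key
	chunks := SealStream(aead, prefix, []byte("constructed sample video bytes"), 8)
	fmt.Println("truncated stream:", OpenStream(aead, prefix, chunks[:len(chunks)-1], func([]byte) {}))
}
```

Plaintext already handed to `emit` before a later chunk fails has been released, so a consumer should treat output as provisional until `OpenStream` returns nil.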
Independent audit in progress.
QMV is currently undergoing a third-party security audit. Results will be published publicly upon completion.